3 matches found
CVE-2024-1078 Quiz Maker <= 6.5.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aysquickstart and addquestionrows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level acce...
WordPress Quiz Maker Plugin <= 6.5.2.4 is vulnerable to Broken Access Control
Software: Quiz Maker; Type: Plugin; Vulnerable versions: <= 6.5.2.4; Fixed in: 6.5.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1078; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0653250f4b8f; Credits: Lucio Sá; Required privilege...
PT-2024-16548 · WordPress · Quiz Maker
Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4 Description: The issue arises from a missing capability check on the ays show results function, allowing unauthenticated attackers to access arbitrary quiz results,...