7 matches found
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2023-0291
CVE-2023-0291 affects the WordPress plugin Quiz And Survey Master (versions up to and including 8.0.8). The issue is a missing capability check in the function tied to the qsm_remove_file_fd_question AJAX action, enabling unauthenticated attackers to delete arbitrary media files. Connected source...
CVE-2023-0291 Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
WordPress Quiz And Survey Master Plugin <= 8.0.8 is vulnerable to Arbitrary Content Deletion
Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.8 Fixed in 8.0.9 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0291 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e9a3307d184 Credits Julien Ahrens...
WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...
WordPress Quiz And Survey Master 8.0.8 Media Deletion
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...