7 matches found
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2023-0291 Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2023-0291
CVE-2023-0291 affects the WordPress plugin Quiz And Survey Master (versions up to and including 8.0.8). The issue is a missing capability check in the function tied to the qsm_remove_file_fd_question AJAX action, enabling unauthenticated attackers to delete arbitrary media files. Connected source...
WordPress Quiz And Survey Master Plugin <= 8.0.8 is vulnerable to Arbitrary Content Deletion
Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.8 Fixed in 8.0.9 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0291 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e9a3307d184 Credits Julien Ahrens...
WordPress Quiz And Survey Master 8.0.8 Media Deletion
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...
WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...