Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.9 views

CVE-2023-0291

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

9.1CVSS5.7AI score0.02034EPSS
Exploits5References1
NVD
NVD
added 2023/06/09 6:15 a.m.27 views

CVE-2023-0291

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

9.1CVSS7.4AI score0.02034EPSS
Exploits5References4
CVE
CVE
added 2023/06/09 5:33 a.m.72 views

CVE-2023-0291

CVE-2023-0291 affects the WordPress plugin Quiz And Survey Master (versions up to and including 8.0.8). The issue is a missing capability check in the function tied to the qsm_remove_file_fd_question AJAX action, enabling unauthenticated attackers to delete arbitrary media files. Connected source...

9.1CVSS9AI score0.02034EPSS
Exploits5References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.38 views

CVE-2023-0291 Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

7.2CVSS7.4AI score0.02034EPSS
Exploits5References4
Patchstack
Patchstack
added 2023/02/17 12:0 a.m.20 views

WordPress Quiz And Survey Master Plugin <= 8.0.8 is vulnerable to Arbitrary Content Deletion

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.8 Fixed in 8.0.9 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0291 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e9a3307d184 Credits Julien Ahrens...

9.1CVSS6.4AI score0.02034EPSS
Exploits5References3Affected Software1
0day.today
0day.today
added 2023/02/15 12:0 a.m.255 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...

9.1CVSS0.5AI score0.02034EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.362 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...

0.5AI score0.02034EPSS
Exploits5
Rows per page
Query Builder