5 matches found
CVE-2023-0292
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...
CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...
CVE-2023-0292
CVE-2023-0292 concerns the WordPress plugin “Quiz And Survey Master” (WordPress) up to version 8.0.8. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing nonce validation on the AJAX handler qsm_remove_file_fd_question. This enables unauthenticated attackers to delete...
WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSRF CWE-352 Date found: 2023-01-13 Date published: 2023-02-08 CVSSv3 Scor...
WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery Vulnerability
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSR...