wpvulndb WPVDB-ID:D032D74F-DB4D-4EB5-9977-52A5C7F67715
History: Nov 23, 2023 - 12:00 a.m.

ARI Stream Quiz <= 1.3.1 - Contributor+ Content Injection

2023-11-23 00:00:00
wpscan.com
ari stream quiz
vulnerability
content injection
contributor+
capability check bypass
authenticated attackers.

AI Score: 6.5
Confidence: High
EPSS: 0
Percentile: 9.0%

Description

The plugin is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary content on the site without review.
