Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ays-pro quiz maker vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2024-1078
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, w...
Ays-pro Quiz Maker
5.3
CVSSv3
CVE-2024-1079
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated malicious users to fetch arbitrary quiz ...
Ays-pro Quiz Maker
6.5
CVSSv3
CVE-2024-22027
Improper input validation vulnerability in WordPress Quiz Maker Plugin before 6.5.0.6 allows a remote authenticated malicious user to perform a Denial of Service (DoS) attack against external services.
Ays-pro Quiz Maker
5.3
CVSSv3
CVE-2023-6155
The Quiz Maker WordPress plugin prior to 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated malicious user to perform a search for users of the system, ultimately leaking user email addresses.
Ays-pro Quiz Maker
6.1
CVSSv3
CVE-2023-6166
The Quiz Maker WordPress plugin prior to 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
Ays-pro Quiz Maker
6.1
CVSSv3
CVE-2023-2571
The Quiz Maker WordPress plugin prior to 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ays-pro Quiz Maker
7.2
CVSSv3
CVE-2021-24456
The Quiz Maker WordPress plugin prior to 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard
Ays-pro Quiz Maker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started