The Quiz Maker WordPress plugin prior to 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated malicious user to perform a search for users of the system, ultimately leaking user email addresses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ays-pro quiz maker |