CVE-2024-1079

MEDIUM

Quiz Maker <= 6.5.2.4 - Unauthenticated Arbitrary Quiz Results Access via ays_show_results()

Description

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.

Scores

CVSS v3: 5.3
EPSS: 0.0055
EPSS Percentile: 41.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (2):
ays-pro/Quiz Maker < 6.5.2.4
ays-pro/quiz_maker < 6.5.2.5
Published: Feb 07, 2024
Tracked Since: Feb 18, 2026