CVE-2023-6155

Summary

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the ays_quiz_author_user_search AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

Affected Software

VendorProductVersion RangeStatus
UnknownQuiz Maker0 < 6.4.9.5affected

Weaknesses

  • CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References