cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11323,https://securityvulnerability.io/vulnerability/CVE-2024-11323,Unauthorized Modification of Data Leads to Privilege Escalation in AI Quiz Plugin,"The AI Quiz | Quiz Maker plugin for WordPress features a vulnerability that allows authenticated users with Subscriber-level access and higher to modify data without authorization, due to a missing capability check on the ai_quiz_update_style() function. This vulnerability permits potential attackers to change critical settings, such as updating the default role for new registrations to administrator and enabling user registration. By exploiting this issue, malicious actors can gain administrative access to affected WordPress sites, compromising the security and integrity of the site.",Wordpress,Ai Quiz | Quiz Maker,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-06T08:24:52.190Z,0
CVE-2024-6028,https://securityvulnerability.io/vulnerability/CVE-2024-6028,Time-Based SQL Injection Vulnerability in Quiz Maker Plugin for WordPress,"The Quiz Maker plugin for WordPress is susceptible to a time-based SQL injection attack through the 'ays_questions' parameter across all versions up to and including 6.5.8.3. This vulnerability arises from inadequate input escaping and insufficient measures in the SQL query preparation process, enabling unauthenticated attackers to insert arbitrary SQL statements. This exploitation can lead to unauthorized data retrieval from the database, posing a significant risk to sensitive information. Website administrators are urged to review their plugin versions and apply necessary updates to mitigate these vulnerabilities.",Wordpress,Quiz Maker,9.8,CRITICAL,0.0008800000068731606,false,,false,false,true,2024-06-25T21:15:12.000Z,true,false,false,,2024-06-25T08:35:15.965Z,0
CVE-2024-3592,https://securityvulnerability.io/vulnerability/CVE-2024-3592,SQL Injection Vulnerability in The Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",Wordpress,Quiz And Survey Master (qsm) – Easy Quiz And Survey Maker,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-07T05:33:47.004Z,0
CVE-2024-1078,https://securityvulnerability.io/vulnerability/CVE-2024-1078,Unauthorized Modification of Data Vulnerability in Quiz Maker Plugin for WordPress,"The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.",Wordpress,Quiz Maker,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-07T07:32:19.550Z,0
CVE-2024-1079,https://securityvulnerability.io/vulnerability/CVE-2024-1079,Unauthorized Access to Quiz Results Due to Missing Capability Check,"The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.",Wordpress,Quiz Maker,5.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2024-02-07T07:32:19.081Z,0
CVE-2024-22027,https://securityvulnerability.io/vulnerability/CVE-2024-22027,Improper Input Validation in WordPress Quiz Maker Plugin,"The Quiz Maker Plugin for WordPress suffers from an improper input validation vulnerability which allows remote authenticated attackers to exploit the flaw. By sending specially crafted requests, an attacker could perform Denial of Service (DoS) attacks against external services, impacting service availability and performance.",Wordpress,WordPress Quiz Maker Plugin,6.5,MEDIUM,0.0009899999713525176,false,,false,false,false,,,false,false,,2024-01-12T06:41:29.452Z,0
CVE-2023-6166,https://securityvulnerability.io/vulnerability/CVE-2023-6166,Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting,"The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.",Wordpress,Quiz Maker,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-12-26T19:15:00.000Z,0
CVE-2023-6155,https://securityvulnerability.io/vulnerability/CVE-2023-6155,Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure,"The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.",Wordpress,Quiz Maker,5.3,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2023-12-26T19:15:00.000Z,0
CVE-2023-2571,https://securityvulnerability.io/vulnerability/CVE-2023-2571,Quiz Maker < 6.4.2.7 - Reflected XSS,"The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.",Wordpress,Quiz Maker,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2023-06-05T14:15:00.000Z,0
CVE-2021-24456,https://securityvulnerability.io/vulnerability/CVE-2021-24456,Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections,"The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard.",Wordpress,Quiz Maker,7.2,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-08-02T10:32:02.000Z,0