WordPress Plugin Vulnerabilities

Quiz And Survey Master < 8.1.17 - Unauthenticated Unauthorised Action

Description

The plugin is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions allowing unauthenticated attackers to invoke this function.

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 8.1.17

References

CVE
CVE-2023-51507
URL
https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
58234db3-df93-4840-be87-1e3743ff482e

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-05 (about 2 years ago)

Other

Published
Title
Published
2026-02-17
Title
Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ Unauthorized Media Upload
Published
2024-06-06
Title
Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow < 1.4.0 - Missing Authorization
Published
2022-04-02
Title
Quick Adsense < 2.8.2 - Subscriber+ Post Stats Reset
Published
2023-11-07
Title
CoCart – Headless ecommerce < 3.12.0 - Missing Authorization
Published
2025-12-04
Title
EPROLO Dropshipping < 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification