WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.3.5 - Quiz Update via IDOR

Description

The plugin does not ensure that the quiz to be edited belongs to the user making the request, allowing high privilege users to edit quiz they should not be able to

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.3.5

References

CVE
CVE-2021-36865

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
e9aa9b76-f69f-4744-9616-9ca343cc9227

Timeline

Publicly Published
2022-09-29 (about 3 years ago)
Added
2022-10-01 (about 3 years ago)
Last Updated
2022-10-01 (about 3 years ago)

Other

Published
Title
Published
2023-05-03
Title
WCFM Membership < 2.11.0 - Unauthenticated Arbitrary Password Update via IDOR
Published
2026-02-18
Title
Gutena Forms < 1.6.1 - Contributor+ Arbitrary Limited Options Update
Published
2021-11-22
Title
Logo Carousel < 3.4.2 - Unauthorised Private Post Access
Published
2025-11-18
Title
YITH WooCommerce Wishlist < 4.10.1 - Unauthenticated Wishlist Rename via IDOR
Published
2022-04-14
Title
WP 2FA < 2.2.0 - Arbitrary 2FA Disabling via IDOR