CVE-2023-6155
MEDIUM WAF: Low
CVSS 5.3
Published: 2023-12-26
CWE-287 CWE-287
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ays-pro | quiz_maker | up to 6.4.9.5 |
References
- wpscan.com (Exploit, Third Party Advisory)