Ays-pro - Quiz Maker CVE

Filtered by vendor Ays-pro Subscribe

Filtered by product Quiz Maker

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-6166	1 Ays-pro	1 Quiz Maker	2024-01-02	N/A	6.1 MEDIUM
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
CVE-2023-6155	1 Ays-pro	1 Quiz Maker	2024-01-02	N/A	5.3 MEDIUM
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

Vulnerabilities (CVE)