Security Advisory

CVE-2023-6155

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-26 18:33:11

Last updated 2024-09-12 12:30:30

Assigner WPScan

State PUBLISHED

Description

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.

← Browse all CVEs View on cve.org ↗