First published: Fri Jun 09 2023
The Quiz And Survey Master plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Expresstech Quiz And Survey Master | <=8.0.8 | |
The vulnerability ID is CVE-2023-0291.
The title of the vulnerability is 'The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8.'
The severity of CVE-2023-0291 is critical with a severity value of 9.1.
Versions of the Quiz And Survey Master plugin for WordPress up to, and including, 8.0.8 are affected by CVE-2023-0291.
Unauthenticated attackers can exploit CVE-2023-0291 to delete arbitrary files.