Authorization Bypass Vulnerability in Quiz And Survey Master for WordPress Allows Arbitrary Media File Deletion
CVE-2023-0291 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
The Quiz And Survey Master plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
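The sketch below is an added example of the general WordPress pattern for guarding a file-deleting AJAX handler; it is not the plugin's code or its patch. Only the action name comes from the advisory; the function name, nonce action and request parameters are hypothetical.

```php
<?php
// Added illustration. example_remove_uploaded_file, 'example_remove_file',
// 'nonce' and 'attachment_id' are hypothetical names, not taken from the
// Quiz And Survey Master source.

// Register the authenticated hook only. A matching wp_ajax_nopriv_* hook
// would make the handler reachable by logged-out visitors.
add_action( 'wp_ajax_qsm_remove_file_fd_question', 'example_remove_uploaded_file' );

function example_remove_uploaded_file() {
    // 1. CSRF protection: stop unless the request carries a valid nonce.
    check_ajax_referer( 'example_remove_file', 'nonce' );

    // 2. Input validation: the target must be an existing attachment ID.
    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    if ( 0 === $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid attachment.' ), 400 );
    }

    // 3. Capability check, the step the advisory reports as missing.
    //    'delete_post' is a meta capability, so WordPress evaluates it
    //    against this specific attachment and its owner.
    if ( ! current_user_can( 'delete_post', $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 4. Delete only after every check has passed (true = skip the trash).
    if ( ! wp_delete_attachment( $attachment_id, true ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }

    wp_send_json_success( array( 'deleted' => $attachment_id ) );
}
```

A nonce alone is not an authorization control, which is why the handler performs the capability check as a separate step before deleting anything.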