Vulnerabilities > AYS PRO > Quiz Maker > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-1078 | Missing Authorization vulnerability in Ays-Pro Quiz Maker The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. | 4.3 |
| 2024-02-07 | CVE-2024-1079 | Missing Authorization vulnerability in Ays-Pro Quiz Maker The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. | 5.3 |
| 2024-01-12 | CVE-2024-22027 | Improper Input Validation vulnerability in Ays-Pro Quiz Maker Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | 6.5 |
| 2023-12-26 | CVE-2023-6155 | Improper Authentication vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | 5.3 |
| 2023-12-26 | CVE-2023-6166 | Cross-site Scripting vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 6.1 |
| 2023-06-05 | CVE-2023-2571 | Unspecified vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |