CVE-2023-0291 - OpenCVE

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Expresstech	Quiz And Survey Master

Configuration 1 [-]

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt	Not Applicable VDB Entry
https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next	Patch
https://wordpress.org/plugins/quiz-master-next/	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-09T05:33:19.875Z

Updated: 2023-06-09T05:33:19.875Z

Reserved: 2023-01-13T16:54:28.658Z

Link: CVE-2023-0291

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-09T06:15:48.630

Modified: 2023-11-07T04:00:07.090

Link: CVE-2023-0291

JSON object: View

Redhat Information

No data.

CWE

No CWE.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7A6249D5-44F4-4955-91EF-BF8E1D327BD2", "versionEndIncluding": "8.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files."}], "id": "CVE-2023-0291", "lastModified": "2023-11-07T04:00:07.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-06-09T06:15:48.630", "references": [{"source": "security@wordfence.com", "tags": ["Not Applicable", "VDB Entry"], "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/quiz-master-next/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}