cleantalk
Vulnerabilities and Security Researches

Quiz Maker, CVE-2023-6155

CVE, Research URL

CVE-2023-6155

Home page URL

Security reports for Quiz Maker

Application

Quiz Maker

Published on
Dec 27, 2023
Research Description
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
Affected versions
Min -, max 6.4.9.5.
Status
vulnerable
Previous vulnerability researches
Quiz Maker (CVE-2021-24456) , Jun 06, 2024
Quiz Maker (CVE-2024-10633) , Jan 29, 2025
Quiz Maker (CVE-2023-23985) , Jun 06, 2024
Quiz Maker (CVE-2023-6155) , Jun 06, 2024
Quiz Maker (CVE-2023-6166) , Jun 06, 2024
New vulnerability
License Manager for WooCommerce (CVE-2025-32522) , Apr 14, 2025
License For Envato (CVE-2025-32566) , Apr 14, 2025
Ray Enterprise Translation (CVE-2025-31030) , Apr 14, 2025
WooCommerce TBC Credit Card Payment Gateway (Free) (CVE-2025-32611) , Apr 14, 2025
FireDrum Email Marketing (CVE-2025-31018) , Apr 14, 2025