CVE-2024-10574Missing Authorization in PRO Plugins Quiz Maker Agency

CWE-862Missing Authorization3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 53.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AYS PRO Plugins Quiz Maker AgencyAYS PRO Plugins Quiz Maker BusinessAYS PRO Plugins Quiz Maker Developer
Timeline
PublishedJan 26

Description

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id'

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages3 packages

CVEListV5ays_pro_plugins/quiz_maker_agency*31.8.0
CVEListV5ays_pro_plugins/quiz_maker_developer*21.8.0

🔴Vulnerability Details

2
GHSA
GHSA-4gv5-8ww7-7mf6: The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability ch2025-01-26
CVEList
Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting2025-01-26
CVE-2024-10574 — Missing Authorization | cvebase