CVE-2024-10633

Published Jan 26, 2025

Last updated a month ago

CVSS high 7.3

Overview

Description
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.3
Impact score
3.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-95

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2024-10633 | AYS Pro Plugins Quiz Maker Business, Developer, and Agency Plugin up to 21.8.0 on WordPress Shortcode neutralization of directives) has been published on https://t.co/a6nuox72rd

    @WolfgangSesin

    26 Jan 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. New post from https://t.co/uXvPWJy6tj (CVE-2024-10633 | AYS Pro Plugins Quiz Maker Business, Developer, and Agency Plugin up to 21.8.0 on WordPress Shortcode neutralization of directives) has been published on https://t.co/cZFsvgCK8J

    @WolfgangSesin

    26 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-10633 Unauthenticated Shortcode Execution in WordPress Quiz Maker Plugins https://t.co/PcfqkudT4l

    @VulmonFeeds

    26 Jan 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10633 The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Busin… https://t.co/7HLy7l8Fs2

    @CVEnew

    26 Jan 2025

    615 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. A CVE of mine CVE-2024-10633 (CVSS:3.1 7.3 High) has been released today. Full disclosure exclusively on my blog https://t.co/Z46zGduZ0M, at a later date in a larger series. You can read more about it at the link below https://t.co/qfvlgSyaoF

    @theabrahack

    25 Jan 2025

    124 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References