- Description
- The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2024-11323 (CVSS:8.8, HIGH) is Awaiting Analysis. The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privil..https://t.co/zU8lbUw8aF #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
11 Dec 2024
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11323 Privilege Escalation in AI Quiz WordPress Plugin via Capability Flaw Th... https://t.co/oUbZ8xoUPy Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
6 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11323: HIGH] WordPress AI Quiz Maker plugin has a security flaw allowing privilege escalation. Attackers with Subscriber-level access or higher can modify data and potentially gain admin control. Update...#cybersecurity,#vulnerability https://t.co/nnLXqDdRQO https://t.c
@CveFindCom
6 Dec 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11323 The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability che… https://t.co/PLGiao6afp
@CVEnew
6 Dec 2024
268 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes