CVE-2023-0291
- Source
- https://cve.org/CVERecord?id=CVE-2023-0291
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0291.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-0291
- Published
- 2023-06-09T06:15:48.630Z
- Modified
- 2026-04-10T04:53:51.451070Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
- References
Affected packages
Git / github.com/quizandsurveymaster/quiz_master_next
Affected versions
3.*
3.3.3
3.4.1
3.5.1
3.5.2
3.6.1
3.7.1
3.8.1
3.8.2
3.9.0
4.*
4.0.0
4.0.1
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.7.0
4.7.1
4.7.10
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.3.0
5.3.1
5.3.2
6.*
6.0
6.0.1
6.0.2
6.0.3
6.0.4
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.3.1
6.3.2
6.3.3
6.3.5
6.3.6
6.4
6.4.1
6.4.2
7.*
7.3.10
7.3.11
7.3.12
7.3.13
7.3.14
7.3.9
8.*
8.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8