AYS Pro Quiz Maker Business
Moderate fix3 remedies
cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:wordpress:*:*
Moderate fix3 remedies
- >= 30.0.0, <= 31.8.0
- >= 7.0.0, <= 8.8.0
- >= 20.0.0, <= 21.8.0
Quiz Maker WordPress Plugin Unauthorized Data Modification Vulnerability
Vulnerability
Patched
A vulnerability exists in the Quiz Maker WordPress plugin, specifically in the Business, Developer, and Agency versions, all prior to the latest release. The issue stems from a missing capability check in the 'ays_save_google_credentials' function, which allows unauthorized users to modify Google Sheets integration credentials within the plugin's settings. Additionally, the vulnerability could be exploited to inject arbitrary web scripts into pages, executing them when a user accesses the injected page.
Impact
Exploitation of this vulnerability could lead to unauthorized modification of Google Sheets integration credentials and the injection of malicious scripts that could be executed on behalf of the user.
Remediation
Users can update to version 31.8.0.100 for Agency, 8.8.0.100 for Business, or 21.8.0.100 for Developer to address this vulnerability.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
3.1exploitability
7.6remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.