Report
The Quiz And Survey Master plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 7.3.4. This is due to insufficient validation on the key controlling a quiz's id. This makes it possible for authenticated attackers with author-level capabilities and above to change arbitrary quiz content.
Score:3.8
Severity:Low
Version: 7.3.4
There is a patch available in v7.3.5 and we strongly recommend you update to this version as soon as possible.
