CVE-2024-11323
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 6, 2024
CWE ID 862
Summary
CVE-2024-11323 is a vulnerability affecting the AI Quiz | Quiz Maker plugin for WordPress. This issue allows authenticated attackers, with Subscriber-level access and above, to unauthorizedly modify data through the ai_quiz_update_style() function, which is missing a capability check. Consequently, attackers can escalate privileges by updating arbitrary options, including the default role for registration, to administrator. This vulnerability can lead to attackers gaining administrative user access to WordPress sites.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share