CVE-2023-6155 Information

Description

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the ays_quiz_author_user_search AJAX action allowing an unauthenticated attacker to perform a search for users of the system ultimately leaking user email addresses.

Reference

https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28