CVE-2021-36906: 
WordPress vulnerability analysis and mitigation

Multiple Insecure Direct Object References (IDOR) vulnerabilities were discovered in the ExpressTech Quiz And Survey Master WordPress plugin versions 7.3.6 and below. The vulnerability was disclosed on October 21, 2022, and was assigned CVE-2021-36906. This security issue affects the Quiz And Survey Master plugin, which is a popular tool for creating quizzes and surveys on WordPress websites (Patchstack).

The vulnerability has been assessed with varying CVSS scores. The NVD assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack rated it as 2.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key) (NVD).

The vulnerability could potentially allow attackers to bypass authorization mechanisms and access sensitive information or interact with the database without proper permissions. The impact severity assessments vary significantly between sources, with NVD indicating high potential impact across confidentiality, integrity, and availability, while Patchstack suggests a lower severity impact (NVD, Patchstack).

The vulnerability has been patched in version 7.3.7 of the Quiz And Survey Master plugin. Users are advised to update to this version or later to remediate the security issue (Patchstack, WordPress).