CVE-2023-6155: 
WordPress vulnerability analysis and mitigation

The Quiz Maker WordPress plugin before version 6.4.9.5 contains a security vulnerability identified as CVE-2023-6155. The vulnerability was discovered by Krzysztof Zając from CERT PL and was publicly disclosed on November 30, 2023. This security issue affects the plugin's AJAX functionality, specifically the ays_quiz_author_user_search action, which lacks proper authorization controls (WPScan).

The vulnerability is classified as a Sensitive Data Disclosure issue with a CVSS v3.1 base score of 5.3 (Medium). It is categorized under CWE-287 (Improper Authentication) and CWE-200. The technical issue stems from inadequate authorization controls in the AJAX action ays_quiz_author_user_search, which can be exploited without authentication requirements (NVD, WPScan).

The vulnerability allows unauthenticated attackers to perform user searches within the system, resulting in the exposure of user email addresses. This information disclosure could potentially be used for further targeted attacks or unauthorized data collection (WPScan).

The vulnerability has been patched in version 6.4.9.5 of the Quiz Maker plugin. Site administrators are strongly advised to update to this version or later to protect against unauthorized email address disclosure (WPScan).