CVE-2024-1079: 
WordPress vulnerability analysis and mitigation

The Quiz Maker plugin for WordPress (CVE-2024-1079) contains a vulnerability related to unauthorized access of data, discovered and disclosed on February 7, 2024. The vulnerability affects all versions up to and including 6.5.2.4 of the Quiz Maker plugin. This security issue stems from a missing capability check in the ays_show_results() function (NVD).

The vulnerability is characterized by a missing authorization check in the ays_show_results() function, which allows unauthorized access to quiz data. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD, Wordfence).

The vulnerability enables unauthenticated attackers to fetch arbitrary quiz results which may contain personally identifiable information (PII). This unauthorized access to sensitive data poses a significant privacy risk to users who have taken quizzes using the affected plugin (NVD).

The vulnerability has been patched in version 6.5.2.5 of the Quiz Maker plugin. Users are advised to update to this version or later to protect against unauthorized data access (WordPress).