CVE-2025-6790
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-14
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| quiz-master-next | quiz-master-next | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Quiz and Survey Master (QSM) WordPress plugin versions before 10.2.3. It lacks a Cross-Site Request Forgery (CSRF) check when updating its settings. This means that an attacker could trick a logged-in administrator into unknowingly changing the plugin's settings by exploiting this missing security check.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to change the settings of the QSM plugin without the administrator's consent. This could lead to unauthorized configuration changes, potentially compromising the integrity or functionality of the plugin and the website it is installed on.
What immediate steps should I take to mitigate this vulnerability?
Update the Quiz and Survey Master (QSM) WordPress plugin to version 10.2.3 or later, which includes the necessary CSRF protection when updating settings. Additionally, ensure that only trusted administrators have access to the WordPress admin area to reduce the risk of CSRF attacks.