CVE-2026-24358
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | quiz_master_next | From 10.3.0 (inc) to 10.3.3 (inc) |
| patchstack | quiz_master_next | 10.3.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24358 is a broken access control vulnerability in the WordPress Quiz And Survey Master Plugin (versions up to and including 10.3.3). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unprivileged users (such as contributors or developers) to perform actions that normally require higher privileges. [1]
How can this vulnerability impact me? :
This vulnerability allows users with lower privileges to perform actions that should be restricted to higher privileged users, potentially leading to unauthorized changes or access within the plugin. However, it has a CVSS severity score of 4.3, indicating a low priority and low impact threat that is unlikely to be exploited. [1]
What immediate steps should I take to mitigate this vulnerability?
Update the WordPress Quiz And Survey Master Plugin to version 10.3.4 or later, as this version contains the fix for the broken access control vulnerability. Additionally, consider enabling auto-updates for the plugin if supported by your management tools to ensure timely patching. [1]