[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZYzj0ALZkGqRM0IUm1DPtqtTZ2Pbxk48URvOH5nmLqk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":27,"research_verified":28,"research_rounds_completed":29,"research_plan":30,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":31,"research_started_at":32,"research_completed_at":33,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":28,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":28,"source_links":34},"CVE-2026-25324","quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-unauthenticated-insecure-direct-object-reference","Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker \u003C= 10.3.4 - Unauthenticated Insecure Direct Object Reference","The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.3.4 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to [describe the impact of the vulnerability].","quiz-master-next",null,"\u003C=10.3.4","10.3.5","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2026-02-01 00:00:00","2026-05-04 15:25:54",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa67ab966-c179-4ea6-bf8c-bc22f9b4644b?source=api-prod",93,[22,23,24,25,26],"js\u002Fqsm-admin.js","mlw_quizmaster2.php","php\u002Fclasses\u002Fclass-qmn-quiz-manager.php","php\u002Fclasses\u002Fclass-qsm-migrate.php","readme.txt","researched",false,3,"# Exploitation Research Plan - CVE-2026-25324\n\n## 1. Vulnerability Summary\nThe **Quiz and Survey Master (QSM)** plugin for WordPress is vulnerable to an **Unauthenticated Insecure Direct Object Reference (IDOR)** in versions up to and including 10.3.4. The flaw exists in the `QMNQuizManager::qsm_create_quiz_nonce` AJAX handler (registered via `wp_ajax_nopriv_qsm_create_quiz_nonce`), which allows any user to generate a valid security nonce for any quiz by providing a `quiz_id`. This leaked nonce can then be used to perform actions on quizzes—such as submitting results or potentially manipulating existing ones—without proper authorization or ownership checks.\n\n## 2. Attack Vector Analysis\n- **Endpoints**: \n    - `\u002Fwp-admin\u002Fadmin-ajax.php?action=qsm_create_quiz_nonce` (Nonce leak)\n    - `\u002Fwp-admin\u002Fadmin-ajax.php?action=qmn_process_quiz` (Privileged action)\n- **Parameters**:\n    - `quiz_id`: The ID of the quiz to target.\n    - `nonce`: The leaked nonce obtained from the first endpoint.\n- **Authentication**: Unauthenticated (None).\n- **Preconditions**: A quiz must exist in the system (default quizzes are often created upon installation).\n\n## 3. Code Flow\n1. **Entry Point (Leak)**: `QMNQuizManager::add","gemini-3-flash-preview","2026-05-04 20:18:03","2026-05-04 20:18:48",{"type":35,"vulnerable_version":36,"fixed_version":11,"vulnerable_browse":37,"vulnerable_zip":38,"fixed_browse":39,"fixed_zip":40,"all_tags":41},"plugin","10.3.4","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fquiz-master-next\u002Ftags\u002F10.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquiz-master-next.10.3.4.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fquiz-master-next\u002Ftags\u002F10.3.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquiz-master-next.10.3.5.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fquiz-master-next\u002Ftags"]