CVE-2025-63054
Description
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in WordPress Quiz And Survey Master plugin <=10.3.2 allows unprivileged users to exploit access control flaws.
The vulnerability is a missing authorization check in the Quiz And Survey Master plugin for WordPress, affecting versions up to 10.3.2 [1]. This allows attackers to exploit incorrectly configured access control security levels.
Attackers can send crafted requests without proper authentication or nonce checks, potentially performing actions that should require higher privileges [1]. The attack does not require authentication and can be performed over the network.
Successful exploitation could allow an unprivileged user to access or modify data, or execute actions that should be restricted to higher privilege levels [1].
The plugin developer has released version 10.3.3 which patches the vulnerability. Users should update immediately. For those unable to update, consider using a web application firewall or other access controls [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=10.3.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.