Lucene search
K

44 matches found

NVD
NVD
added 2026/06/27 2:16 a.m.9 views

CVE-2026-13422

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS0.00179EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.32 views

CVE-2026-13422 HD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX Handlers

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS0.00179EPSS
Exploits0References16
CVE
CVE
added 2026/06/27 1:27 a.m.19 views

CVE-2026-13422

The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.15 views

PT-2026-53042

Name of the Vulnerable Software and Affected Versions HD Quiz versions 2.2.0 through 2.2.1 Description The HD Quiz plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because the hdq validate nonce function fails to properly validate nonces, which are unique tokens...

4.3CVSS5.7AI score0.00179EPSS
Exploits0References20
NVD
NVD
added 2026/01/23 3:16 p.m.6 views

CVE-2026-24544

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.3 views

CVE-2026-24544 WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.31 views

CVE-2026-24544 WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:28 p.m.2 views

CVE-2026-24544

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

WordPress plugin HD Quiz security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-11483

Malware in sbrugna...

5.4CVSS5.6AI score0.00624EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19757

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43732

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.7 views

CVE-2024-22161

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11...

5.9CVSS6.5AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.6 views

CVE-2024-49689

Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light hd-quiz-save-results-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through = 0.5...

5.4CVSS5.9AI score0.00457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.11 views

CVE-2021-24571

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues...

5.4CVSS5.9AI score0.00624EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.10 views

CVE-2024-13383

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.8 views

CVE-2024-13383

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2024-13383

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.12 views

CVE-2024-13383 HD Quiz < 2.0.0 - Editor+ Stored XSS

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.11 views

CVE-2024-13383 HD Quiz < 2.0.0 - Editor+ Stored XSS

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
Rows per page
Query Builder