8 matches found
CVE-2026-14706
CVE-2026-14706 affects code-projects Online Examination 1.0, specifically the Quiz Creation Feature via /update.php?q=addquiz. The issue arises from manipulation of arguments name/total/right/wrong/time/tag/desc, leading to SQL injection. Remote attack possible; exploit publicly available (exploi...
EUVD-2026-41727
A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...
CVE-2026-13422
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...
CVE-2026-13422
The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...
EUVD-2024-16853
Malicious code in bioql PyPI...
CVE-2024-9351 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'createmodule' function. This makes it possible f...
WordPress Forminator Forms plugin <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation vulnerability
Cross-Site Request Forgery to Draft Quiz Creation vulnerability discovered by Vijaysimha Reddy vijaysimha in WordPress Plugin Forminator versions = 1.35.1...
PT-2024-39586 · WordPress · The Forminator Forms
Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...