59 matches found

RedhatCVE
added 2026/05/04 8:21 p.m. | 2 views

CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS 5.8 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 1

VulnCheck KEV
added 2026/05/04 12:00 a.m. | 7 views

VulnCheck KEV: CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'aysquestions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 9.8 | AI score 5.9 | EPSS 0.80299
In wild | Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/02 11:16 a.m. | 2 views

CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS 5.8 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/02 11:16 a.m. | 2 views

CVE-2026-6817 Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS 5.8 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/02 12:00 a.m. | 5 views

PT-2026-36612

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVSS 5.8 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 3

CVE
added 2026/03/13 11:41 a.m. | 7 views

CVE-2026-32342

CVE-2026-32342 is a CSRF vulnerability affecting the WordPress Quiz Maker plugin (Ays Pro Quiz Maker) up to version 6.7.1.2. Multiple connected sources (Red Hat, ENISA EUVD, NVD, CVE List, Attackers KB, CVE listing) corroborate the issue. The NVD metric shows CVSS v3.1 base score 4.3 (Medium), wi...

CVSS 4.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1

Cvelist
added 2026/03/13 11:41 a.m. | 24 views

CVE-2026-32342 WordPress Quiz Maker plugin <= 6.7.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.1.2...

CVSS 4.3 | EPSS 0.0002
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/21 7:27 a.m. | 5 views

CVE-2026-2384

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/20 2:23 a.m. | 4 views

CVE-2026-2384 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/20 2:23 a.m. | 5 views

CVE-2026-2384

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/20 12:00 a.m. | 5 views

PT-2026-20992

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vc quizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 4

Patchstack
added 2026/02/19 11:39 p.m. | 6 views

WordPress Quiz Maker plugin <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Quiz Maker versions <= 6.7.1.7...

CVSS 6.4 | AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/01/12 6:16 a.m. | 1 view

CVE-2025-14579

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.8 | EPSS 0.00014
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/12 6:00 a.m. | 4 views

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5 | EPSS 0.00014
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/12 12:00 a.m. | 2 views

PT-2026-1747

Name of the Vulnerable Software and Affected Versions: The Quiz Maker WordPress plugin versions prior to 6.7.0.89. Description: The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site...

CVSS 4.8 | AI score 4.7 | EPSS 0.00014
Exploits: 0 | References: 4

Cvelist
added 2025/12/09 2:14 p.m. | 19 views

CVE-2025-67595 WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.0.82...

CVSS 4.3 | EPSS 0.00015
Exploits: 0 | References: 1

NVD
added 2025/11/19 5:16 a.m. | 4 views

CVE-2025-12426

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the aysquizcheckanswer AJAX action without proper authorization checks. The endpoint only validates a nonce,...

CVSS 7.5 | EPSS 0.0008
Exploits: 0 | References: 4

Cvelist
added 2025/11/19 4:28 a.m. | 3 views

CVE-2025-12426 Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the aysquizcheckanswer AJAX action without proper authorization checks. The endpoint only validates a nonce,...

CVSS 5.3 | EPSS 0.0008
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-11368

Malware in sbrugna...

CVSS 7.2 | AI score 6.9 | EPSS 0.00628
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-34049

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 7 | EPSS 0.00314
Exploits: 2 | References: 1