CVE-2026-24544

CVE-2026-24544 refers to a Missing Authorization vulnerability in Harmonic Design HD Quiz (WordPress plugin, hd-quiz) affecting versions up to and including 2.0.9. Root cause is misconfigured access control that can permit unauthorized actions. CVSS 3.1 base score 4.3 (Medium). Wordfence and patc...

EUVD-2021-30078

Malicious code in bioql PyPI...

EUVD-2025-3893

Malicious code in bioql PyPI...

EUVD-2024-3275

Malicious code in bioql PyPI...

EUVD-2022-51578

Malicious code in bioql PyPI...

CVE-2022-4218

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...

CVE-2022-4220

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquestions function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged...

CVE-2022-4213

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2022-4215

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

CVE-2025-46242

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through = 3.4.3...

CVE-2025-27287 WordPress SS Quiz Plugin <= 2.0.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue affects SS Quiz: from n/a through = 2.0.5...

CVE-2025-30844

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through = 3.4.2...

PT-2025-14395 · Watu Quiz · Watu Quiz

Name of the Vulnerable Software and Affected Versions: Watu Quiz versions n/a through 3.4.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...

WordPress plugin Watu Quiz SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

SourceCodester Simple Realtime Quiz System 安全漏洞

SourceCodester Simple Realtime Quiz System is a real-time quiz system from SourceCodester, Inc. A security vulnerability exists in version 1.0 of the SourceCodester Simple Realtime Quiz System, which stems from an SQL injection vulnerability in the id parameter of the /managequiz.php file...

CVE-2023-0968 Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting

The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2022-47407

An issue was discovered in the fpmasterquiz aka Master-Quiz extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers...

Moodle 安全漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle modquiz, which stems from the ability to bypass operational bootstrapping...

CVE-2020-24609

TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie v...