Lucene search
K

12 matches found

NVD
NVD
added 2026/06/27 2:16 a.m.9 views

CVE-2026-13422

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS0.00179EPSS
Exploits0References16
CVE
CVE
added 2026/06/27 1:27 a.m.18 views

CVE-2026-13422

The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.8 views

WordPress plugin HD Quiz security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2021-11483

Malware in sbrugna...

5.4CVSS5.6AI score0.00624EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.11 views

CVE-2021-24571

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues...

5.4CVSS5.9AI score0.00624EPSS
Exploits2References1
NVD
NVD
added 2025/05/15 8:15 p.m.7 views

CVE-2024-13383

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.10 views

CVE-2024-13383 HD Quiz < 2.0.0 - Editor+ Stored XSS

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.36 views

CVE-2024-13383

The CVE-2024-13383 entry concerns the WordPress HD Quiz plugin (pre-2.0.0). The root cause is lack of proper sanitisation/escaping of certain plugin settings, which can allow Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.5 views

PT-2025-21455 · WordPress · Hd Quiz

Name of the Vulnerable Software and Affected Versions: HD Quiz WordPress plugin version prior to 2.0.0 Description: The issue concerns the HD Quiz WordPress plugin, where versions prior to 2.0.0 do not properly sanitise and escape some of its settings. This could allow high privilege users, such ...

4.8CVSS4.6AI score0.00266EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/01/31 6:4 p.m.27 views

CVE-2024-22161 WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11...

5.9CVSS5.9AI score0.00316EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/01/16 12:0 a.m.11 views

WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS)

Software HD Quiz Type Plugin Vulnerable versions = 1.8.11 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22161 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b20e08ed859a Credits MyungJu Kim Required privilege Administrator...

5.9CVSS6.6AI score0.00316EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/07/26 12:0 a.m.23 views

WordPress HD Quiz plugin <= 1.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress HD Quiz plugin versions = 1.8.3. Solution Update the WordPress HD Quiz plugin to the latest available version at least 1.8.4...

5.4CVSS1.5AI score0.00624EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder