Lucene search
K

16 matches found

CVE
CVE
added 2026/06/27 1:27 a.m.19 views

CVE-2026-13422

The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.10 views

CVE-2026-13422

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References17Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-9258

Malware in sbrugna...

5.8CVSS4.9AI score0.00556EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46660

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00343EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 p.m.5 views

CVE-2020-36504

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...

6.5CVSS6.9AI score0.00647EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 2:26 a.m.9 views

CVE-2015-9418

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...

5.8CVSS7AI score0.00556EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/06/10 12:0 a.m.171 views

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description The plugin is vulnerable does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by Contributors and above role 1 You will need a valid nonce for deletion of quiz questions. 2 Sign in as a...

8.1AI score0.00591EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/06/07 2:51 a.m.4 views

WordPress Tutor LMS plugin <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability

Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.1...

4.3CVSS7AI score0.00343EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/12/02 9:15 p.m.6 views

CVE-2022-4218

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...

4.3CVSS5.6AI score0.00422EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.15 views

Chained Quiz < 1.3.2.5 - Arbitrary Quiz Deletion & Copying via CSRF

The plugin does not have CSRF checks when deleting and copying quiz, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

5.4CVSS6AI score0.00422EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/11/01 9:15 a.m.2 views

CVE-2020-36504

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...

6.5CVSS5.9AI score0.00647EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/11/01 8:45 a.m.18 views

CVE-2020-36504 WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...

6.5AI score0.00647EPSS
Exploits1References2
wpexploit
wpexploit
added 2020/06/22 12:0 a.m.33 views

WP-Pro-Quiz <= 0.37 - CSRF Leading to Arbitrary Quiz Deletion

Abusing this Cross-Site Request Forgery CSRF issue, an unauthenticated attacker could make a logged in admin delete any quiz on vulnerable website. The PoC will be displayed once the issue has been remediated...

1.8AI score
Exploits0References1
NVD
NVD
added 2019/09/26 12:15 a.m.19 views

CVE-2015-9418

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...

5.8CVSS4.7AI score0.00556EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/09/25 11:48 p.m.23 views

CVE-2015-9418

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...

4.7AI score0.00556EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2015/09/01 12:0 a.m.28 views

Watu PRO 4.8.8.4 Cross Site Request Forgery

Details ================ Software: Watu PRO Version: 4.8.8.4 Homepage: http://calendarscripts.info/watupro/ Advisory report: https://security.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/ CVE: Awaiting assignment CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A...

0.5AI score
Exploits0
Rows per page
Query Builder