16 matches found
CVE-2026-13422
The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...
CVE-2026-13422
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...
EUVD-2015-9258
Malware in sbrugna...
EUVD-2024-46660
Malicious code in bioql PyPI...
CVE-2020-36504
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...
CVE-2015-9418
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by Contributors and above role 1 You will need a valid nonce for deletion of quiz questions. 2 Sign in as a...
WordPress Tutor LMS plugin <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability
Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.1...
CVE-2022-4218
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...
Chained Quiz < 1.3.2.5 - Arbitrary Quiz Deletion & Copying via CSRF
The plugin does not have CSRF checks when deleting and copying quiz, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
CVE-2020-36504
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...
CVE-2020-36504 WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...
WP-Pro-Quiz <= 0.37 - CSRF Leading to Arbitrary Quiz Deletion
Abusing this Cross-Site Request Forgery CSRF issue, an unauthenticated attacker could make a logged in admin delete any quiz on vulnerable website. The PoC will be displayed once the issue has been remediated...
CVE-2015-9418
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...
CVE-2015-9418
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...
Watu PRO 4.8.8.4 Cross Site Request Forgery
Details ================ Software: Watu PRO Version: 4.8.8.4 Homepage: http://calendarscripts.info/watupro/ Advisory report: https://security.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/ CVE: Awaiting assignment CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A...