CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

160 matches found

CNNVD•added 2026/01/23 12:0 a.m.•2 views

WordPress plugin HD Quiz security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00046EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:14 a.m.•6 views

CVE-2016-10892

The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues...

6.1CVSS6.3AI score0.0019EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:31 a.m.•5 views

CVE-2023-25022

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Watu Quiz plugin = 3.3.8 versions...

5.9CVSS5.6AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:18 a.m.•7 views

CVE-2024-2640

The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors if they've been authorized by admins to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

6.8CVSS5.8AI score0.00377EPSS

Exploits1References1

NVD•added 2026/01/06 10:15 a.m.•4 views

CVE-2025-9637

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticat...

6.5CVSS0.00099EPSS

Exploits0References4

Vulnrichment•added 2026/01/06 9:20 a.m.•1 views

CVE-2025-9637 Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads

6.5CVSS5.1AI score0.00099EPSS

Exploits0References4

Exploit DB•added 2025/12/25 12:0 a.m.•191 views

Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit Author: Karuppiah Sabari Kumar0xsabre Vendor Homepage: https://wordpress.org/plugins/chained-quiz/ Software Link: https://downloads.wordpress.org/plugin/chained-quiz.1.3.3.zip...

5.3CVSS7AI score0.04001EPSS

Exploits2

Vulnrichment•added 2025/12/24 1:10 p.m.•2 views

CVE-2025-68587 WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through = 3.4.5...

4.3CVSS6.6AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2025/10/26 6:36 a.m.•2 views

CVE-2025-11238

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated...

7.2CVSS5.4AI score0.00145EPSS

Exploits0References1