Description The plugin is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary content on the site without review.