Ays-pro

Quiz Maker

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-67595

  • EPSS 0.01%
  • Veröffentlicht 09.12.2025 14:14:18
  • Zuletzt bearbeitet 10.12.2025 21:14:17

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.

7.5

CVE-2025-12426

  • EPSS 0.07%
  • Veröffentlicht 19.11.2025 04:28:19
  • Zuletzt bearbeitet 12.12.2025 16:13:30

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authoriza...

7.5

CVE-2025-58015

  • EPSS 0.04%
  • Veröffentlicht 22.09.2025 18:24:05
  • Zuletzt bearbeitet 12.12.2025 19:53:19

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61.

4.3

CVE-2025-58014

  • EPSS 0.02%
  • Veröffentlicht 22.09.2025 18:24:05
  • Zuletzt bearbeitet 12.12.2025 19:54:44

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through 6.7.0.61.

5.9

CVE-2025-10042

  • EPSS 0.11%
  • Veröffentlicht 17.09.2025 05:18:44
  • Zuletzt bearbeitet 17.09.2025 14:18:55

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

4.8

CVE-2024-8617

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.05.2025 20:15:58
  • Zuletzt bearbeitet 04.06.2025 20:08:32

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...

8.2

CVE-2025-30774

  • EPSS 0.03%
  • Veröffentlicht 01.04.2025 06:15:50
  • Zuletzt bearbeitet 01.04.2025 20:26:11

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7.

7.5

CVE-2024-10628

Exploit
  • EPSS 0.43%
  • Veröffentlicht 26.01.2025 06:15:22
  • Zuletzt bearbeitet 27.09.2025 00:16:26

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31....

9.8

CVE-2024-6028

  • EPSS 80.45%
  • Veröffentlicht 25.06.2024 09:15:57
  • Zuletzt bearbeitet 21.11.2024 09:48:47

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

3.7

CVE-2023-23985

  • EPSS 0.07%
  • Veröffentlicht 24.04.2024 11:15:46
  • Zuletzt bearbeitet 21.11.2024 07:47:12

Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.