Ays-pro Quiz_maker
17 CVEs affecting Ays-pro Quiz_maker. Latest disclosed: 2025-12-09. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-6028 | Critical | 9.8 | 2024-06-25 | The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 d… |
CVE-2025-30774 | High | 8.2 | 2025-04-01 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker quiz-maker allows SQL Injection.This i… |
CVE-2024-10628 | High | 7.5 | 2025-01-26 | The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including… |
CVE-2021-24456 | High | 7.2 | 2021-08-02 | The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leadi… |
CVE-2024-22027 | Medium | 6.5 | 2024-01-12 | Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (… |
CVE-2023-6166 | Medium | 6.1 | 2023-12-26 | The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting |
CVE-2023-2571 | Medium | 6.1 | 2023-06-05 | The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scrip… |
CVE-2025-10042 | Medium | 5.9 | 2025-09-17 | The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient es… |
CVE-2025-12426 | Medium | 5.3 | 2025-11-19 | The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin e… |
CVE-2025-58015 | Medium | 5.3 | 2025-09-22 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Da… |
CVE-2024-1079 | Medium | 5.3 | 2024-02-07 | The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all ve… |
CVE-2023-6155 | Medium | 5.3 | 2023-12-26 | The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacke… |
CVE-2024-8617 | Medium | 4.8 | 2025-05-15 | The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perfo… |
CVE-2025-67595 | Medium | 4.3 | 2025-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a thro… |
CVE-2025-58014 | Medium | 4.3 | 2025-09-22 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a thro… |
CVE-2024-1078 | Medium | 4.3 | 2024-02-07 | The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_quest… |
CVE-2023-23985 | Low | 3.7 | 2024-04-24 | Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. |