CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30774 – WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-30774
29 Mar 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7. The Quiz Maker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.6.8.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL que... • https://patchstack.com/database/wordpress/plugin/quiz-maker/vulnerability/wordpress-quiz-maker-plugin-6-6-8-7-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23985 – WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing
https://notcve.org/view.php?id=CVE-2023-23985
20 Jan 2023 — Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. Vulnerabilidad de autorización faltante en el equipo de Quiz Maker Quiz Maker. Este problema afecta a Quiz Maker: desde n/a hasta 6.3.9.4. The Quiz Maker plugin for WordPress is vulnerable to content spoofing in versions up to, and including 6.3.9.4. This makes it possible for unauthenticated attackers to inject content that may alter the content and display of select pages. • https://patchstack.com/database/vulnerability/quiz-maker/wordpress-quiz-maker-plugin-6-3-9-4-content-spoofing?_s_id=cve • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-862: Missing Authorization •