Platform: wordpress
Component: quiz-maker
Fixed in: 6.7.2
CVE-2026-32342 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Quiz Maker WordPress plugin. This flaw allows an attacker to trick a logged-in user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of quiz data. The vulnerability impacts versions from 0.0.0 up to and including 6.7.1.2, and a patch is available in version 6.7.1.3.
A successful CSRF attack could allow an attacker to modify quiz settings, delete quizzes, or even gain access to user accounts associated with the plugin. The attacker would need to craft a malicious request and entice the victim to click a link or visit a webpage containing the crafted request. The impact is amplified if the plugin is used in environments with sensitive quiz data or if user accounts have elevated privileges. While not directly leading to system compromise, CSRF can be a stepping stone for further attacks if combined with other vulnerabilities.
CVE-2026-32342 was publicly disclosed on 2026-03-13. There are currently no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
EPSS: 0.02% (3% percentile)
The primary mitigation for CVE-2026-32342 is to immediately upgrade the Quiz Maker plugin to version 6.7.1.3 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, ensure that all user input is properly validated and sanitized to prevent malicious data from being processed. Implement strict content security policies (CSP) to restrict the sources from which scripts can be executed.
Update to version 6.7.1.3, or a newer patched version
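While the upgrade is pending, the same cross-origin test that a WAF CSRF rule applies can be run over existing access logs to surface admin requests that did not originate from the site itself. This is an added example, not code from the plugin or from this advisory; it assumes Combined Log Format, and the host `blog.example`, the `page=` slug and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Standard WordPress admin entry points that plugins use for state-changing actions.
ADMIN_PATHS = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php", "/wp-admin/admin.php")


def referer_verdict(referer, site_host):
    """Classify a Referer value as 'same-site', 'missing' or 'cross-site'."""
    if referer in ("", "-"):
        return "missing"
    # Compare the parsed hostname exactly; a substring test would accept
    # look-alike hosts such as blog.example.attacker.test.
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == site_host.lower() else "cross-site"


def flag_suspect_requests(lines, site_host):
    """Return (time, path, verdict) for admin POSTs not referred from site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST" or not m["path"].startswith(ADMIN_PATHS):
            continue
        verdict = referer_verdict(m["referer"], site_host)
        if verdict != "same-site":
            hits.append((m["time"], m["path"], verdict))
    return hits


# Constructed sample lines; host names and the page= slug are placeholders.
SAMPLE_LOG = [
    '198.51.100.4 - - [14/Mar/2026:10:01:02 +0000] "POST /wp-admin/admin.php?page=example-plugin HTTP/1.1" 302 0 "https://blog.example/wp-admin/admin.php?page=example-plugin" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Mar/2026:10:07:41 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://blog.example.attacker.test/promo.html" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Mar/2026:10:09:13 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Mar/2026:10:12:30 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "https://other.test/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in flag_suspect_requests(SAMPLE_LOG, "blog.example"):
        print(hit)
```

A hit is a lead to investigate, not proof of a forged request: browsers and referrer policies can legitimately omit the Referer header, and only POST requests are examined here.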
CVE-2026-32342 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Quiz Maker WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using Quiz Maker versions 0.0.0 through 6.7.1.2. Upgrade to 6.7.1.3 or later to mitigate the risk.
Upgrade the Quiz Maker plugin to version 6.7.1.3 or later. Consider WAF rules and CSP as temporary mitigations if immediate upgrade is not possible.
Currently, there are no publicly known active exploitation campaigns, but monitoring is advised.
Refer to the official Quiz Maker website or WordPress plugin repository for the latest advisory and update information.