Platform
wordpress
Component
quiz-maker
Fixed in
6.7.2
CVE-2026-32342 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Quiz Maker WordPress plugin. This flaw allows an attacker to trick a logged-in user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of quiz data. The vulnerability impacts versions from 0.0.0 up to and including 6.7.1.2, and a patch is available in version 6.7.1.3.
A successful CSRF attack could allow an attacker to modify quiz settings, delete quizzes, or even gain access to user accounts associated with the plugin. The attacker would need to craft a malicious request and entice the victim to click a link or visit a webpage containing the crafted request. The impact is amplified if the plugin is used in environments with sensitive quiz data or if user accounts have elevated privileges. While not directly leading to system compromise, CSRF can be a stepping stone for further attacks if combined with other vulnerabilities.
CVE-2026-32342 was publicly disclosed on 2026-03-13. There are currently no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Websites utilizing the Quiz Maker plugin, particularly those with user-generated quiz content or sensitive data, are at risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable if they haven't applied the patch.
• wordpress / composer / npm:
grep -r 'ays_pro_quiz_maker' /var/www/html/wp-content/plugins/
wp plugin list | grep -i 'quiz-maker'
• generic web:
curl -I https://your-wordpress-site.com/ays-pro-quiz-maker/ | grep 'Server'
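The version check behind the commands above, as an added example (not code from the plugin or from this advisory): it reads the Version header from the plugin's main PHP file and compares it with 6.7.1.3, the patched release named in the text, using a numeric comparison so that four-part versions such as 6.7.1.2 are ordered correctly. The plugin directory is an assumption and is passed as an argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Quiz Maker install against the fixed release.
FIXED_VERSION="6.7.1.3"   # first patched version per the advisory text

# Return 0 if version $1 is strictly lower than $2. Components are compared
# numerically; missing ones count as 0, so 6.7.1 < 6.7.1.3 < 6.7.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print the Version header of the plugin's main file: the top-level PHP file
# with a "Plugin Name:" header. WordPress reads only the first 8 KiB.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        head -c 8192 "$f" | grep -qi 'Plugin Name:' || continue
        head -c 8192 "$f" | tr -d '\r' |
            sed -n 's|^[[:space:]*#@/]*[Vv]ersion:[[:space:]]*\([0-9][0-9.]*\).*|\1|p' |
            head -n 1
        return 0
    done
    return 1
}

# Print "affected <ver>", "patched <ver>" or "unknown" for one plugin
# directory; exit status is 0 only for a patched install.
check_quiz_maker() {
    ver=$(plugin_version "$1") || true
    if [ -z "$ver" ]; then echo "unknown"; return 2; fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "affected $ver"; return 1
    fi
    echo "patched $ver"
}

# Usage (directory name is an assumption; pass the plugin's real folder):
#   sh check_quiz_maker.sh /var/www/html/wp-content/plugins/quiz-maker
if [ "$#" -gt 0 ]; then check_quiz_maker "$1"; fi
```

A non-zero exit status makes the script usable in a cron job or CI step that alerts on unpatched or unreadable installs.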
Exploit Status
EPSS
0.02% (3% percentile)
CVSS Vector
The primary mitigation for CVE-2026-32342 is to immediately upgrade the Quiz Maker plugin to version 6.7.1.3 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, ensure that all user input is properly validated and sanitized to prevent malicious data from being processed. Implement strict content security policies (CSP) to restrict the sources from which scripts can be executed.
Upgrade to version 6.7.1.3, or a more recent patched version
CVE-2026-32342 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Quiz Maker WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using Quiz Maker versions 0.0.0 through 6.7.1.2. Upgrade to 6.7.1.3 or later to mitigate the risk.
Upgrade the Quiz Maker plugin to version 6.7.1.3 or later. Consider WAF rules and CSP as temporary mitigations if immediate upgrade is not possible.
Currently, there are no publicly known active exploitation campaigns, but monitoring is advised.
Refer to the official Quiz Maker website or WordPress plugin repository for the latest advisory and update information.