Every CVE whose affected-product data names Ays-pro Quiz Maker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2024-6028 — CVSS 9.8 (critical): The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and…
CVE-2025-30774 — CVSS 8.2 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker quiz-maker allows…
CVE-2024-10628 — CVSS 7.5 (high): The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all…
CVE-2021-24456 — CVSS 7.2 (high): The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in…
CVE-2024-22027 — CVSS 6.5 (medium): Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a…
CVE-2023-2571 — CVSS 6.1 (medium): The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to…
CVE-2023-6166 — CVSS 6.1 (medium): The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected…
CVE-2025-10042 — CVSS 5.9 (medium): The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56…
CVE-2023-6155 — CVSS 5.3 (medium): The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an…
CVE-2024-1079 — CVSS 5.3 (medium): The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…
CVE-2025-12426 — CVSS 5.3 (medium): The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is…
CVE-2025-58015 — CVSS 5.3 (medium): Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve…
CVE-2024-8617 — CVSS 4.8 (medium): The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users…
CVE-2025-67595 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz…
CVE-2025-58014 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz…
CVE-2024-1078 — CVSS 4.3 (medium): The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2023-23985 — CVSS 3.7 (low): Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.