WordPress Plugin Vulnerabilities

Quiz Expert – Easy Quiz Maker, Exam and Test Manager <= 1.5.0 - Cross-Site Request Forgery

Description

The plugin does not adequately verify requests, leading to a Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
quiz-expert
No known fix

References

CVE
CVE-2023-36522
URL
https://patchstack.com/database/vulnerability/quiz-expert/wordpress-quiz-expert-easy-quiz-maker-exam-and-test-manager-plugin-1-5-0-cross-site-request-forgery-csrf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
NeginNrb
Verified
No
WPVDB ID
188fd717-c602-46a6-9966-101d844f190b

Timeline

Publicly Published
2023-06-27 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2022-08-01
Title
MailerLite - Signup forms (official) < 1.5.8 - API Key Update via CSRF
Published
2025-06-05
Title
WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function
Published
2025-11-20
Title
Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion
Published
2019-06-27
Title
WP Better Permalinks <= 3.0.4 - CSRF allowing Option Update
Published
2025-12-07
Title
Salon booking system < 10.30.4 - Cross-Site Request Forgery