The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the...
6.5CVSS
6.4AI Score
0.001EPSS
An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those...
6.5CVSS
6.4AI Score
0.001EPSS
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce...
7.5CVSS
7.4AI Score
0.002EPSS
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.7AI Score
0.001EPSS
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at...
9.8CVSS
9.7AI Score
0.002EPSS
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at...
8.8CVSS
8.9AI Score
0.001EPSS
The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.8AI Score
0.001EPSS
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name...
6.1CVSS
6AI Score
0.001EPSS
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options...
6.1CVSS
6AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php...
6.5CVSS
6.6AI Score
0.001EPSS
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage...
6.1CVSS
6AI Score
0.001EPSS
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant...
6.5CVSS
6.6AI Score
0.001EPSS
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular...
6.5AI Score
0.01EPSS
Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to...
6AI Score
0.003EPSS
SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to...
8.8AI Score
0.002EPSS
The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete...
6.6AI Score
0.001EPSS
The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified...
6.7AI Score
0.003EPSS