Quiz Project Security Vulnerabilities

CVE-2020-36504

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the...

CVE-2022-47407

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those...

CVE-2022-44411

Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce...

CVE-2022-2410

The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2022-35422

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at...

CVE-2022-32991

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at...

CVE-2021-24701

The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVE-2021-28007

Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name...

CVE-2021-28006

Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options...

CVE-2015-9389

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz...

CVE-2015-9387

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php...

CVE-2015-9386

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage...

CVE-2015-9388

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant...

CVE-2015-6736

The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular...

CVE-2014-100023

Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to...

CVE-2014-100022

SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to...

CVE-2014-6934

The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CVE-2013-4500

The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete...

CVE-2013-4501

The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified...