Description
The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint only validates a nonce, but that same nonce is publicly available to all site visitors via the quiz_maker_ajax_public localized script data. This makes it possible for unauthenticated attackers to extract sensitive data including quiz answers for any quiz question.
Published: 2025-11-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Immediate Patch
AI Analysis

Impact

The Quiz Maker plugin for WordPress is susceptible to a Sensitive Information Exposure vulnerability in all releases up to 6.7.0.80. The flaw allows unauthenticated users to retrieve quiz answers via the ays_quiz_check_answer AJAX action, which only validates a nonce that is openly available to anyone visiting the site. Without proper authorization checks, an attacker can obtain the correct answers for any quiz question, compromising the confidentiality of test content and potentially giving undue advantage to malicious participants. The weakness is classified as CWE-200. The impact is that any visitor can access protected quiz data without legitimate credentials, thereby exposing confidential or proprietary information.

Affected Systems

This issue affects WordPress sites that have installed the ays-pro Quiz Maker plugin, specifically versions 6.7.0.80 and earlier. Sites using the plugin via the official repository or downloading older releases are vulnerable. No specific WordPress core version is required; the flaw resides entirely within the plugin's code.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS is listed as < 1%, suggesting a very low probability of exploitation at present. The vulnerability is not featured in the CISA KEV catalog. The attack surface is broad because any site visitor can discover the nonce and then call the AJAX action, meaning a threat actor only needs simple automated requests to harvest quiz answers. While the exploitation requires no privileged access, the data leakage can have significant consequences for educational or assessment platforms that rely on quiz integrity.

Generated by OpenCVE AI on April 21, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for updates or patches from ays-pro for Quiz Maker; install the latest version if available.
  • If updating is not an immediate option, restrict unauthenticated access to the ays_quiz_check_answer AJAX action, for example by adding a firewall rule or configuration in your web server.
  • Add or ensure proper authorization checks on the AJAX endpoint to validate user permissions before returning quiz answers.
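As an added illustration (not the Quiz Maker plugin's own code; handler, capability and option names are hypothetical, only the action name and script handle come from the advisory), the nonce-only handler shape the advisory describes beside one that adds the authorization check recommended above:

```php
<?php
// Added illustration, not the Quiz Maker plugin's own code. Only the action
// name ays_quiz_check_answer and the script handle quiz_maker_ajax_public
// come from the advisory; the function and option names are hypothetical.

// Weak shape, as the advisory describes it: the handler is reachable by
// logged-out visitors (wp_ajax_nopriv_) and its only gate is a nonce that the
// same page hands to every visitor via wp_localize_script(). A nonce is a CSRF
// token tied to the visitor's own session; it says nothing about who may see
// answers.
//   add_action( 'wp_ajax_nopriv_ays_quiz_check_answer', 'example_check_answer_weak' );
//   add_action( 'wp_ajax_ays_quiz_check_answer',        'example_check_answer_weak' );
function example_check_answer_weak() {
    check_ajax_referer( 'quiz_maker_ajax_public', 'nonce' );
    $question_id = absint( $_POST['question_id'] ?? 0 );
    // Hands the stored correct answer back to whoever asked.
    wp_send_json_success( array( 'correct' => example_get_correct_answer( $question_id ) ) );
}

// Hardened shape: keep the nonce (it still blocks CSRF), add an authorization
// check, and stop shipping the answer itself to participants. Anonymous
// participants receive only a verdict on the answer they submitted.
add_action( 'wp_ajax_nopriv_ays_quiz_check_answer', 'example_check_answer_hardened' );
add_action( 'wp_ajax_ays_quiz_check_answer',        'example_check_answer_hardened' );
function example_check_answer_hardened() {
    check_ajax_referer( 'quiz_maker_ajax_public', 'nonce' );
    $question_id = absint( $_POST['question_id'] ?? 0 );
    $submitted   = sanitize_text_field( wp_unslash( $_POST['answer'] ?? '' ) );
    $correct     = (string) example_get_correct_answer( $question_id );

    if ( '' === $correct ) {
        wp_send_json_error( array( 'message' => 'unknown question' ), 404 );
    }
    // Capability check: 'manage_options' stands in for a quiz-editor
    // capability; only such users may read the stored answer directly.
    if ( current_user_can( 'manage_options' ) ) {
        wp_send_json_success( array( 'correct' => $correct ) );
    }
    // Everyone else learns only whether their own submission matched. A
    // true/false verdict is still an oracle for small answer sets, so it
    // belongs behind per-attempt limits or server-side scoring at submit time.
    wp_send_json_success( array( 'is_correct' => hash_equals( $correct, $submitted ) ) );
}

// Hypothetical lookup; the real plugin stores answers in its own tables.
function example_get_correct_answer( $question_id ) {
    return get_option( 'example_quiz_answer_' . $question_id, '' );
}
```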



Advisories

No advisories yet.

History

Fri, 12 Dec 2025 16:15:00 +0000

Type         Values Removed   Values Added
Weaknesses                    NVD-CWE-noinfo
CPEs                          cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*

Thu, 20 Nov 2025 10:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Ays-pro
                                       Ays-pro quiz Maker
                                       Wordpress
                                       Wordpress wordpress
Vendors & Products                     Ays-pro
                                       Ays-pro quiz Maker
                                       Wordpress
                                       Wordpress wordpress

Wed, 19 Nov 2025 21:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 19 Nov 2025 04:45:00 +0000

Type          Values Removed   Values Added
Description                    The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint only validates a nonce, but that same nonce is publicly available to all site visitors via the quiz_maker_ajax_public localized script data. This makes it possible for unauthenticated attackers to extract sensitive data including quiz answers for any quiz question.
Title                          Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure
Weaknesses                     CWE-200
References
Metrics                        cvssV3_1
                               {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:18:43.460Z

Reserved: 2025-10-28T18:42:24.408Z

Link: CVE-2025-12426

Vulnrichment

Updated: 2025-11-19T20:11:42.165Z

NVD

Status : Analyzed

Published: 2025-11-19T05:16:02.477

Modified: 2025-12-12T16:13:30.407

Link: CVE-2025-12426

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T18:15:36Z

Weaknesses