Description
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
Published: 2026-03-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in the Ays Pro Quiz Maker plugin for WordPress and is classified as a Cross‑Site Request Forgery (CWE‑352). It allows an attacker to request actions on the site where a user is authenticated, potentially executing actions without the user’s explicit permission. The CVE description does not specify the exact operations that could be performed, so the impact is limited to the fact that any action that the authenticated user can perform via the plugin may be forced by an external request.

Affected Systems

WordPress installations using the Ays Pro Quiz Maker plugin version 6.7.1.2 or earlier are affected. This includes every site that has not upgraded past that version.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate potential impact, while the EPSS score of less than 1% suggests a currently low likelihood of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Since CSRF attacks are generally performed from an external web page that the victim visits, the attack vector is inferred to be remote and web‑based.

Generated by OpenCVE AI on March 17, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of the Ays Pro Quiz Maker plugin (any release newer than 6.7.1.2).
  • Verify the plugin version by checking the plugins page in the WordPress admin area.

Generated by OpenCVE AI on March 17, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Ays-pro
Ays-pro quiz Maker
Wordpress
Wordpress wordpress
Vendors & Products Ays-pro
Ays-pro quiz Maker
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
Title WordPress Quiz Maker plugin <= 6.7.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References

Subscriptions

Ays-pro Quiz Maker
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:55.585Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32342

cve-icon Vulnrichment

Updated: 2026-03-17T14:10:19.224Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:45.387

Modified: 2026-03-17T15:16:18.970

Link: CVE-2026-32342

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:13Z

Weaknesses