Which Quiz Maker by AYS CVEs are tracked?

Quiz Maker by AYS tracked CVEs include CVE-2024-6028, CVE-2025-30774, CVE-2024-10628, CVE-2024-10633, and CVE-2024-10574.

How many Quiz Maker by AYS vulnerabilities have patch guidance?

25 of 25 tracked Quiz Maker by AYS records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 25 known issues Latest disclosed May 01, 2026

Quiz Maker by AYS Vulnerabilities

Review known vulnerability records for the WordPress plugin Quiz Maker by AYS (`quiz-maker`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-6817, CVE-2026-2384 and CVE-2026-32342, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

May 01, 2026

Priority CVE Quick Links

Fast paths into Quiz Maker by AYS CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-6028 Critical 6.5.8.4

CVE-2024-6028 Quiz Maker by AYS SQL Injection

Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter

CVE-2025-30774 High 6.6.8.8

CVE-2025-30774 Quiz Maker by AYS SQL Injection

Quiz Maker <= 6.6.8.7 - Unauthenticated SQL Injection

CVE-2024-10628 High 21.8.0.100

CVE-2024-10628 Quiz Maker by AYS SQL Injection

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id

CVE-2024-10633 High 21.8.0.100

CVE-2024-10633 Quiz Maker by AYS Vulnerability

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content

CVE-2024-10574 High 21.8.0.100

CVE-2024-10574 Quiz Maker by AYS Stored Cross-Site Scripting

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting

CVE-2021-24456 High 6.2.0.9

CVE-2021-24456 Quiz Maker by AYS SQL Injection

Quiz Maker <= 6.2.0.8 - SQL Injection

CVE-2026-2384 Medium 6.7.1.8

CVE-2026-2384 Quiz Maker by AYS Stored Cross-Site Scripting

Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE-2024-10636 Medium 21.8.0.100

CVE-2024-10636 Quiz Maker by AYS Cross-Site Scripting

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Quiz Maker by AYS so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

25 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

1 critical and 5 high severity findings.

Recent CVEs

CVE-2026-6817, CVE-2026-2384 and CVE-2026-32342

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-6817 Medium Patch path listed

CVE-2026-6817: Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient inp...

Published

May 01, 2026

Patch Status

6.7.1.30

Open CVE-2026-6817 Report

CVE-2026-2384 Medium Patch path listed

CVE-2026-2384: Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient i...

Published

Feb 19, 2026

Patch Status

6.7.1.8

Open CVE-2026-2384 Report

CVE-2026-32342 Medium Patch path listed

CVE-2026-32342: Quiz Maker <= 6.7.1.2 - Cross-Site Request Forgery

The Quiz Maker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7.1.2. This is due to missing or incorrect nonce validation on a function....

Published

Feb 10, 2026

Patch Status

6.7.1.3

Open CVE-2026-32342 Report

Known Vulnerabilities

Reports for Quiz Maker by AYS

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-6817

CVE-2026-6817: Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

Published

May 01, 2026

Patched Release

6.7.1.30

Affected Versions

Versions up to 6.7.1.29

Next Step

Update to 6.7.1.30 or newer if supported.

Open CVE-2026-6817 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2026-2384

CVE-2026-2384: Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

Published

Feb 19, 2026

Patched Release

6.7.1.8

Affected Versions

Versions up to 6.7.1.7

Next Step

Update to 6.7.1.8 or newer if supported.

Open CVE-2026-2384 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2026-32342

CVE-2026-32342: Quiz Maker <= 6.7.1.2 - Cross-Site Request Forgery

The Quiz Maker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action vi...

Published

Feb 10, 2026

Patched Release

6.7.1.3

Affected Versions

Versions up to 6.7.1.2

Next Step

Update to 6.7.1.3 or newer if supported.

Open CVE-2026-32342 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-14579

CVE-2025-14579: Quiz Maker <= 6.7.0.88 - Authenticated (Admin+) Stored Cross-Site Scripting

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.7.0.88 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, t...

Published

Dec 22, 2025

Patched Release

6.7.0.89

Affected Versions

Versions up to 6.7.0.88

Next Step

Update to 6.7.0.89 or newer if supported.

Open CVE-2025-14579 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-67595

CVE-2025-67595: Quiz Maker <= 6.7.0.82 - Cross-Site Request Forgery

The Quiz Maker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.0.82. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized acti...

Published

Dec 02, 2025

Patched Release

6.7.0.83

Affected Versions

Versions up to 6.7.0.82

Next Step

Update to 6.7.0.83 or newer if supported.

Open CVE-2025-67595 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-12426

CVE-2025-12426: Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint only...

Published

Nov 18, 2025

Patched Release

6.7.0.81

Affected Versions

Versions up to 6.7.0.80

Next Step

Update to 6.7.0.81 or newer if supported.

Open CVE-2025-12426 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-58015

CVE-2025-58015: Quiz Maker <= 6.7.0.65 - Unauthenticated Sensitive Information Exposure

The Quiz Maker Business plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.65. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Published

Sep 22, 2025

Patched Release

6.7.0.66

Affected Versions

Versions up to 6.7.0.65

Next Step

Update to 6.7.0.66 or newer if supported.

Open CVE-2025-58015 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-58014

CVE-2025-58014: Quiz Maker <= 6.7.0.64 - Cross-Site Request Forgery

The Quiz Maker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7.0.64. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action v...

Published

Sep 22, 2025

Patched Release

6.7.0.65

Affected Versions

Versions up to 6.7.0.64

Next Step

Update to 6.7.0.65 or newer if supported.

Open CVE-2025-58014 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-10042

CVE-2025-10042: Quiz Maker <= 6.7.0.56 - Unauthenticated SQL Injection

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

Published

Sep 16, 2025

Patched Release

6.7.0.57

Affected Versions

Versions up to 6.7.0.56

Next Step

Update to 6.7.0.57 or newer if supported.

Open CVE-2025-10042 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-30774

CVE-2025-30774: Quiz Maker <= 6.6.8.7 - Unauthenticated SQL Injection

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.6.8.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attack...

Published

Mar 29, 2025

Patched Release

6.6.8.8

Affected Versions

Versions up to 6.6.8.7

Next Step

Update to 6.6.8.8 or newer if supported.

Open CVE-2025-30774 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-10628

CVE-2024-10628: Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficie...

Published

Jan 25, 2025

Patched Release

21.8.0.100

Affected Versions

20.0.0 through 21.8.0

Next Step

Update to 21.8.0.100 or newer if supported.

Open CVE-2024-10628 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-10636

CVE-2024-10636: Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Age...

Published

Jan 25, 2025

Patched Release

21.8.0.100

Affected Versions

20.0.0 through 21.8.0

Next Step

Update to 21.8.0.100 or newer if supported.

Open CVE-2024-10636 Report Open CVE Reference