Quiz Maker WordPress Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

A vulnerability that allows unauthenticated users to execute arbitrary shortcodes has been identified in the Quiz Maker WordPress plugin. The issue affects the Business, Developer, and Agency versions of the plugin in all releases prior to the latest patched releases. It arises because the plugin does not properly validate values before passing them to shortcode execution, so a request from a user who is not logged in can trigger shortcodes of the requester's choosing.
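The flaw class described above, shown as an added example that is not Quiz Maker's code: a logged-out AJAX handler that hands request data to do_shortcode(), beside a version that builds the shortcode server-side from an allowlisted tag and a numeric id. The handler names, the action name, the request fields and the shortcode tags are all hypothetical.

```php
<?php
// Added illustration. Handler, action, field and tag names are hypothetical
// and are not taken from the Quiz Maker plugin.

// Shortcode tags this endpoint is allowed to render (assumed names).
const EXAMPLE_ALLOWED_TAGS = array( 'example_quiz', 'example_quiz_results' );

// BEFORE: request data reaches do_shortcode() unchecked, so any visitor can
// run any shortcode registered by any plugin or theme on the site.
function example_render_vulnerable() {
    $content = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    wp_send_json_success( do_shortcode( $content ) );
}

// AFTER: the client supplies only a tag name and a numeric id. The shortcode
// string itself is assembled server-side from validated parts.
function example_render_hardened() {
    $tag = isset( $_POST['tag'] ) ? sanitize_key( wp_unslash( $_POST['tag'] ) ) : '';
    $id  = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;

    // Reject anything outside the allowlist, unregistered tags and empty ids.
    if ( ! in_array( $tag, EXAMPLE_ALLOWED_TAGS, true )
        || ! shortcode_exists( $tag )
        || 0 === $id ) {
        wp_send_json_error( 'Invalid request', 400 ); // sends the response and exits
    }

    // No attacker-controlled text is parsed as shortcode syntax.
    wp_send_json_success( do_shortcode( sprintf( '[%s id="%d"]', $tag, $id ) ) );
}

// Only the hardened handler is exposed, including to logged-out visitors.
add_action( 'wp_ajax_nopriv_example_render', 'example_render_hardened' );
add_action( 'wp_ajax_example_render', 'example_render_hardened' );
```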

Impact

Exploitation of this vulnerability could lead to unauthorized users executing arbitrary shortcodes, potentially allowing them to inject malicious content or execute harmful actions on the WordPress site.

Remediation

Users are advised to update the Quiz Maker plugin to version 31.8.0.100 for Agency, 21.8.0.100 for Developer, or 8.8.0.100 for Business.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.3
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.