Ays Pro Plugins Quiz Maker Agency vulnerabilities

4 known vulnerabilities affecting ays_pro_plugins/quiz_maker_agency.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-10628HIGHCVSS 7.5≥ 30.0.0, ≤ 31.8.02025-01-26
CVE-2024-10628 [HIGH] CWE-89 CVE-2024-10628: The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparati
cvelistv5nvd
CVE-2024-10633HIGHCVSS 7.3≥ *, ≤ 31.8.02025-01-26
CVE-2024-10633 [HIGH] CWE-95 CVE-2024-10633: The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shor The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a
cvelistv5nvd
CVE-2024-10574HIGHCVSS 7.2≥ *, ≤ 31.8.02025-01-26
CVE-2024-10574 [HIGH] CWE-862 CVE-2024-10574: The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized m The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes i
cvelistv5nvd
CVE-2024-10636MEDIUMCVSS 6.1≥ *, ≤ 31.8.02025-01-26
CVE-2024-10636 [MEDIUM] CWE-79 CVE-2024-10636: The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cros The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This ma
cvelistv5nvd