CVE-2026-32342
CSRF Vulnerability in Ays Pro Quiz Maker
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ays_pro | quiz_maker | to 6.7.1.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-32342 is a Cross-Site Request Forgery (CSRF) vulnerability found in the WordPress Quiz Maker Plugin versions up to and including 6.7.1.2.'}, {'type': 'paragraph', 'content': 'This vulnerability allows an attacker to trick a privileged user into performing unwanted actions by making them click a malicious link, visit a crafted page, or submit a form while authenticated.'}, {'type': 'paragraph', 'content': "The attacker exploits the user's authenticated session to execute these actions without their consent."}, {'type': 'paragraph', 'content': 'It is categorized under OWASP Top 10 A1: Broken Access Control.'}] [1]
How can this vulnerability impact me? :
The impact of this vulnerability is considered low severity with a CVSS score of 4.3.
An attacker could potentially force a privileged user to perform unwanted actions within the Quiz Maker plugin while authenticated.
However, exploitation requires user interaction, such as clicking a malicious link or submitting a form.
No significant or impactful threat is expected from this vulnerability.
Updating the plugin to version 6.7.1.3 or later mitigates the risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability affects WordPress Quiz Maker Plugin versions up to and including 6.7.1.2. Detection involves identifying if this vulnerable plugin version is installed on your system.'}, {'type': 'paragraph', 'content': 'You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on the server hosting WordPress.'}, {'type': 'list_item', 'content': 'Use WP-CLI command to check the plugin version: wp plugin list | grep quiz-maker'}, {'type': 'list_item', 'content': "Manually inspect the plugin version in the plugin's main PHP file located in wp-content/plugins/quiz-maker/"}, {'type': 'paragraph', 'content': 'Since this is a CSRF vulnerability requiring user interaction, network detection is difficult without monitoring for suspicious user actions or crafted requests targeting the plugin.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the WordPress Quiz Maker Plugin to version 6.7.1.3 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': "Additionally, consider using Patchstack's mitigation tools which include auto-updates for vulnerable plugins to help prevent exploitation."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires a privileged user to perform an action, educating users to avoid clicking suspicious links or submitting untrusted forms can reduce risk.'}] [1]