CVE-2026-32342
CSRF Vulnerability in Ays Pro Quiz Maker

Publication date: 2026-03-13

Last updated on: 2026-03-17

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
Meta Information
Published: 2026-03-13
Last Modified: 2026-03-17
Generated: 2026-06-16
AI Q&A: 2026-03-13
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor | Product | Version / Range
ays_pro | quiz_maker | to 6.7.1.2 (inc)
CWE ID | Description
CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Executive Summary

CVE-2026-32342 is a Cross-Site Request Forgery (CSRF) vulnerability found in the WordPress Quiz Maker Plugin versions up to and including 6.7.1.2.

This vulnerability allows an attacker to trick a privileged user into performing unwanted actions by making them click a malicious link, visit a crafted page, or submit a form while authenticated.

The attacker exploits the user's authenticated session to execute these actions without their consent.

It is categorized under OWASP Top 10 A1: Broken Access Control. [1]

Impact Analysis

The impact of this vulnerability is considered low severity with a CVSS score of 4.3.

An attacker could potentially force a privileged user to perform unwanted actions within the Quiz Maker plugin while authenticated.

However, exploitation requires user interaction, such as clicking a malicious link or submitting a form.

No significant or impactful threat is expected from this vulnerability.

Updating the plugin to version 6.7.1.3 or later mitigates the risk.

Detection Guidance

This vulnerability affects WordPress Quiz Maker Plugin versions up to and including 6.7.1.2. Detection involves identifying if this vulnerable plugin version is installed on your system.

You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on the server hosting WordPress.

- Use WP-CLI command to check the plugin version: wp plugin list | grep quiz-maker
- Manually inspect the plugin version in the plugin's main PHP file located in wp-content/plugins/quiz-maker/

Since this is a CSRF vulnerability requiring user interaction, network detection is difficult without monitoring for suspicious user actions or crafted requests targeting the plugin. [1]
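
The manual version check described above, as an added shell example that is not part of the original advisory or the plugin's code: it reads the Version header from the plugin directory and compares it with the last affected release, 6.7.1.2. The function names and the fixture file name quiz-maker.php are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify a WordPress root by its installed Quiz Maker version.
LAST_AFFECTED="6.7.1.2"   # from the advisory: affected through <= 6.7.1.2

# Print the first "Version:" header in the plugin's top-level PHP files.
# The advisory does not name the main file, so each top-level *.php is read.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        v=$(head -c 8192 "$f" |
            sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*|\1|p' |
            head -n 1)
        if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# Return 0 when dotted version $1 <= $2, compared numerically field by field
# (a missing field counts as 0, so 6.7.1 sorts below 6.7.1.2).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "VULNERABLE <ver>", "PATCHED <ver>" or "NOT_INSTALLED" for root $1.
check_quiz_maker() {
    ver=$(plugin_version "$1/wp-content/plugins/quiz-maker") ||
        { echo "NOT_INSTALLED"; return 0; }
    if version_le "$ver" "$LAST_AFFECTED"; then echo "VULNERABLE $ver"
    else echo "PATCHED $ver"; fi
}

# Build a constructed fixture: root $1 with a fake plugin header at version $2.
# The file name quiz-maker.php is a placeholder chosen for the fixture.
make_fixture() {
    mkdir -p "$1/wp-content/plugins/quiz-maker"
    printf '<?php\n/**\n * Plugin Name: Quiz Maker\n * Version: %s\n */\n' "$2" \
        > "$1/wp-content/plugins/quiz-maker/quiz-maker.php"
}

# Usage: script /path/to/wordpress [...]
for root in "$@"; do printf '%s: %s\n' "$root" "$(check_quiz_maker "$root")"; done
```

Field-by-field numeric comparison matters here because a plain string comparison would rank a hypothetical 6.10.0 below 6.7.1.2 and report it as affected.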

Mitigation Strategies

The primary mitigation step is to update the WordPress Quiz Maker Plugin to version 6.7.1.3 or later, where the vulnerability has been patched.

Additionally, consider using Patchstack's mitigation tools which include auto-updates for vulnerable plugins to help prevent exploitation.

Since the vulnerability requires a privileged user to perform an action, educating users to avoid clicking suspicious links or submitting untrusted forms can reduce risk. [1]
