CVE-2026-32342
CSRF Vulnerability in Ays Pro Quiz Maker
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ays_pro | quiz_maker | to 6.7.1.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
How can this vulnerability impact me?
The impact of this vulnerability is considered low severity with a CVSS score of 4.3.
An attacker could potentially force a privileged user to perform unwanted actions within the Quiz Maker plugin while authenticated.
However, exploitation requires user interaction, such as clicking a malicious link or submitting a form.
No significant or impactful threat is expected from this vulnerability.
Updating the plugin to version 6.7.1.3 or later mitigates the risk.
Can you explain this vulnerability to me?
CVE-2026-32342 is a Cross-Site Request Forgery (CSRF) vulnerability found in the WordPress Quiz Maker Plugin versions up to and including 6.7.1.2.
This vulnerability allows an attacker to trick a privileged user into performing unwanted actions by making them click a malicious link, visit a crafted page, or submit a form while authenticated.
The attacker exploits the user's authenticated session to execute these actions without their consent.
It is categorized under OWASP Top 10 A1: Broken Access Control. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects WordPress Quiz Maker Plugin versions up to and including 6.7.1.2. Detection involves identifying if this vulnerable plugin version is installed on your system.
You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on the server hosting WordPress.
- Use WP-CLI command to check the plugin version: `wp plugin list | grep quiz-maker`
- Manually inspect the plugin version in the plugin's main PHP file located in wp-content/plugins/quiz-maker/
Since this is a CSRF vulnerability requiring user interaction, network detection is difficult without monitoring for suspicious user actions or crafted requests targeting the plugin. [1]
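The manual version check described above, scripted for hosts where WP-CLI is not installed. This is an added example, not part of the advisory or the plugin: the function names and the fixture file name `main.php` are assumptions, and the parsing relies on the standard WordPress plugin header (`Plugin Name:` / `Version:`).

```shell
# Added example: flag a Quiz Maker install older than the fixed release.
FIXED_VERSION="6.7.1.3"   # first patched version named in the advisory

# Print the Version header of the plugin's main file: the top-level PHP file
# with a "Plugin Name:" header (its file name is not assumed).
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        # WordPress reads plugin headers from the first 8 KB of the file only.
        if head -c 8192 "$f" | grep -q 'Plugin Name:'; then
            head -c 8192 "$f" |
                sed -n 's|^[[:space:]*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*$|\1|p' |
                head -n 1
            return 0
        fi
    done
    return 1
}

# Succeed if dotted version $1 is numerically lower than $2, field by field.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Echo "VULNERABLE <ver>", "PATCHED <ver>", "UNKNOWN" or "NOT_FOUND".
check_quiz_maker() {
    dir="$1/wp-content/plugins/quiz-maker"
    [ -d "$dir" ] || { echo "NOT_FOUND"; return 0; }
    ver=$(plugin_version "$dir") || ver=""
    [ -n "$ver" ] || { echo "UNKNOWN"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then echo "VULNERABLE $ver"
    else echo "PATCHED $ver"; fi
}

# Constructed fixture for trying the check offline ($1 = root, $2 = version).
make_fixture() {
    mkdir -p "$1/wp-content/plugins/quiz-maker"
    printf '<?php\n/**\n * Plugin Name: Quiz Maker\n * Version: %s\n */\n' "$2" \
        > "$1/wp-content/plugins/quiz-maker/main.php"
}

if [ "$#" -gt 0 ]; then check_quiz_maker "$1"; fi
```

The comparison is numeric per field, so a release such as 6.10.0 is reported as patched rather than sorting below 6.7.1.3 as a plain string comparison would.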
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the WordPress Quiz Maker Plugin to version 6.7.1.3 or later, where the vulnerability has been patched.
Additionally, consider using Patchstack's mitigation tools which include auto-updates for vulnerable plugins to help prevent exploitation.
Since the vulnerability requires a privileged user to perform an action, educating users to avoid clicking suspicious links or submitting untrusted forms can reduce risk. [1]