Beta

Report

Wp-Pro-Quiz <= 0.37 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability

Unauthenticated
Published
2020-06-21

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

CVE

https://www.cve.org/CVERecord?id=CVE-2020-36504

CVSS

Score:5.4

Severity:Medium

Version: 0.37

The plugin vendor has not patched this vulnerability at the moment.