CVE-2025-12426
📋 TL;DR
The Quiz Maker WordPress plugin exposes quiz answers to unauthenticated attackers through an AJAX endpoint with insufficient authorization. This vulnerability allows anyone to extract sensitive quiz data from any quiz on affected sites. All WordPress sites using Quiz Maker versions up to 6.7.0.80 are affected.
💻 Affected Systems
- Quiz Maker WordPress Plugin
📦 What is this software?
Quiz Maker by Ays Pro
⚠️ Risk & Real-World Impact
Worst Case
Attackers harvest all quiz answers, compromising intellectual property, training materials, or assessment content, potentially leading to data breaches or competitive advantage loss.
Likely Case
Unauthenticated users extract quiz answers to cheat on assessments, bypass learning verification, or gather proprietary content.
If Mitigated
With proper access controls, only authorized users can access quiz answers, maintaining assessment integrity and data confidentiality.
🎯 Exploit Status
Exploitation requires minimal technical skill: an attacker only needs to send an HTTP request to the vulnerable AJAX action together with a nonce value that the plugin exposes publicly. A WordPress nonce is a CSRF token, not an authorization check, so it does not stop an unauthenticated client from calling the endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.7.0.81 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3200000%40quiz-maker%2Ftrunk&old=3199999%40quiz-maker%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Quiz Maker plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Quiz Maker Plugin
Temporarily disable the vulnerable plugin until it can be patched (this takes all quizzes offline):
wp plugin deactivate quiz-maker
Restrict AJAX Endpoint Access
Block requests that name the vulnerable AJAX action, via a web application firewall or .htaccess. The mod_rewrite rule below only sees the action when it is sent in the query string; admin-ajax.php also accepts it in a POST body, which mod_rewrite cannot inspect, so pair the rule with a WAF rule that matches the request body. Expect the plugin's own answer checking to stop working for legitimate quiz takers while the rule is in place.
# Add to .htaccess (RewriteEngine On is usually already present in the WordPress block):
RewriteEngine On
# Return 403 for admin-ajax.php calls whose query string names the vulnerable action
RewriteCond %{QUERY_STRING} ays_quiz_check_answer [NC]
RewriteRule ^wp-admin/admin-ajax\.php$ - [F,L]
🧯 If You Can't Patch
- Implement web application firewall rules that block requests to admin-ajax.php whose action parameter is ays_quiz_check_answer, inspecting both the query string and the POST body
- Monitor admin-ajax.php for bursts of requests carrying quiz-related parameters from clients with no WordPress session
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Quiz Maker → Version. If version is 6.7.0.80 or lower, system is vulnerable.
Check Version:
wp plugin get quiz-maker --field=version
Verify Fix Applied:
After updating, verify plugin version is 6.7.0.81 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Many POST (or GET) requests to /wp-admin/admin-ajax.php carrying action=ays_quiz_check_answer
- Bursts of such requests from clients that present no wordpress_logged_in_* cookie, i.e. callers with no WordPress session
Network Indicators:
- HTTP POST requests to admin-ajax.php with quiz answer parameters
- Traffic patterns showing systematic extraction of quiz data
SIEM Query (matches only requests that carry the action in the query string; a standard access log does not record POST bodies, so POST-based calls are visible only in a WAF or body-logging source):
source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND query_string="*ays_quiz_check_answer*"
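The detection logic above, run over sample records, as an added example that is not part of the original advisory or the plugin's code. It assumes the web tier emits one JSON object per request that includes the POST body (as a WAF or body-logging access log would, since a plain access log does not record bodies); the records, client addresses and the question_id/answer parameter names are constructed for the demonstration, only the action name and the admin-ajax.php path come from the advisory.

```python
"""Flag clients that hammer the Quiz Maker answer-check AJAX action without a WordPress login.

Added example for this advisory (not vendor or plugin code). Assumes JSON-lines request
records that include the POST body; the sample records below are constructed.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

TARGET_ACTION = "ays_quiz_check_answer"          # action named in the advisory
AJAX_PATH = "/wp-admin/admin-ajax.php"
LOGIN_COOKIE_PREFIX = "wordpress_logged_in_"     # cookie family WordPress sets on login
WINDOW = timedelta(seconds=60)
THRESHOLD = 10  # matching hits per client per window; tune to the site's real quiz traffic


def build_sample_log() -> list[str]:
    """Constructed records: one scraper, one logged-in user, one anonymous quiz taker."""
    lines = []
    # Scraper: 12 unauthenticated POSTs in 33 seconds, sweeping a hypothetical question_id.
    for i in range(12):
        lines.append(json.dumps({
            "ts": f"2025-11-03T10:00:{i * 3:02d}", "ip": "203.0.113.7", "method": "POST",
            "uri": AJAX_PATH, "body": f"action={TARGET_ACTION}&question_id={100 + i}&answer=1",
            "cookie": "",
        }))
    # Same scraper, action sent in the query string instead of the body.
    lines.append(json.dumps({
        "ts": "2025-11-03T10:00:40", "ip": "203.0.113.7", "method": "GET",
        "uri": f"{AJAX_PATH}?action={TARGET_ACTION}&question_id=200", "body": "", "cookie": "",
    }))
    # Logged-in user answering two questions: excluded by the session cookie.
    for i in range(2):
        lines.append(json.dumps({
            "ts": f"2025-11-03T10:01:{i * 20:02d}", "ip": "198.51.100.20", "method": "POST",
            "uri": AJAX_PATH, "body": f"action={TARGET_ACTION}&question_id={300 + i}&answer=2",
            "cookie": "wordpress_logged_in_abc123=alice%7C1762167600; wp-settings-1=x",
        }))
    # Anonymous quiz taker with a single hit: below threshold.
    lines.append(json.dumps({
        "ts": "2025-11-03T10:02:00", "ip": "198.51.100.33", "method": "POST",
        "uri": AJAX_PATH, "body": f"action={TARGET_ACTION}&question_id=100&answer=3", "cookie": "",
    }))
    # Unrelated AJAX action on the same endpoint: ignored.
    lines.append(json.dumps({
        "ts": "2025-11-03T10:02:05", "ip": "203.0.113.7", "method": "POST",
        "uri": AJAX_PATH, "body": "action=heartbeat&interval=60", "cookie": "",
    }))
    return lines


def request_action(rec: dict) -> str | None:
    """admin-ajax.php reads 'action' from $_REQUEST, so check the query string and the body."""
    parts = urlsplit(rec["uri"])
    if parts.path != AJAX_PATH:
        return None
    for source in (parts.query, rec.get("body", "")):
        action = parse_qs(source).get("action")
        if action:
            return action[0]
    return None


def has_login_cookie(cookie_header: str) -> bool:
    """True if any cookie name starts with the WordPress login-cookie prefix."""
    for pair in cookie_header.split(";"):
        if pair.strip().split("=", 1)[0].startswith(LOGIN_COOKIE_PREFIX):
            return True
    return False


def find_scrapers(lines: list[str], threshold: int = THRESHOLD, window: timedelta = WINDOW) -> dict[str, int]:
    """Return {ip: peak hits in any window} for unauthenticated clients at or over threshold."""
    hits: dict[str, list[datetime]] = defaultdict(list)
    for line in lines:
        rec = json.loads(line)
        if request_action(rec) != TARGET_ACTION or has_login_cookie(rec.get("cookie", "")):
            continue
        hits[rec["ip"]].append(datetime.fromisoformat(rec["ts"]))
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):           # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, peak in find_scrapers(build_sample_log()).items():
        print(f"{ip}: {peak} unauthenticated {TARGET_ACTION} calls within {WINDOW.seconds}s")
```

Only the scraper is reported; the logged-in user is excluded by the session cookie and the single anonymous hit stays under the threshold. The threshold and window are starting points, since a site that runs timed quizzes for anonymous visitors will have a higher legitimate rate per client.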
🔗 References
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.69/includes/class-quiz-maker.php#L393
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.69/public/class-quiz-maker-public.php#L179
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.69/public/class-quiz-maker-public.php#L8490
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bc524e3e-9b7c-47ae-ab44-c327b287b81a?source=cve