CVE Catalog

CVE-2026-10623

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.3.0 due to missing validation on the 'rule_id' parameter. This allows authenticated attackers with custom-level access and above to modify or delete quiz rules belonging to other teachers.

Risk Assessment

Attackers can unauthorizedly tamper with the quiz structure of other users, potentially leading to serious data integrity issues and a loss of trust in the educational system.

Recommendation

It is recommended to update the plugin to the latest version and implement additional validation mechanisms for user-controlled parameters to prevent unauthorized modifications.

Original NVD description (English source)

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with custom-level access and above, to modify or delete quiz rules belonging to other teachers, resulting in unauthorized tampering of another user's quiz structure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS