Pressprimer Quiz Ai Quiz Maker Exam Builder Lms Assessment Plugin
Monthly
Unauthorized cross-teacher quiz rule tampering in the PressPrimer Quiz WordPress plugin (all versions ≤ 2.3.0) is possible via an IDOR flaw in the plugin's REST API, where the `rule_id` parameter is accepted without ownership validation. Any authenticated user holding a custom-level role or above - such as a teacher - can supply arbitrary `rule_id` values to modify or delete quiz rules belonging to other teachers. No public exploit is identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS 3.1 score of 4.3 (PR:L, I:L) reflects the authentication requirement and integrity-only impact.
Unauthorized cross-teacher quiz rule tampering in the PressPrimer Quiz WordPress plugin (all versions ≤ 2.3.0) is possible via an IDOR flaw in the plugin's REST API, where the `rule_id` parameter is accepted without ownership validation. Any authenticated user holding a custom-level role or above - such as a teacher - can supply arbitrary `rule_id` values to modify or delete quiz rules belonging to other teachers. No public exploit is identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS 3.1 score of 4.3 (PR:L, I:L) reflects the authentication requirement and integrity-only impact.