Skip to main content

Pressprimer Quiz Ai Quiz Maker Exam Builder Lms Assessment Plugin

1 CVEs product

Monthly

CVE-2026-10623 MEDIUM This Month

Unauthorized cross-teacher quiz rule tampering in the PressPrimer Quiz WordPress plugin (all versions ≤ 2.3.0) is possible via an IDOR flaw in the plugin's REST API, where the `rule_id` parameter is accepted without ownership validation. Any authenticated user holding a custom-level role or above - such as a teacher - can supply arbitrary `rule_id` values to modify or delete quiz rules belonging to other teachers. No public exploit is identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS 3.1 score of 4.3 (PR:L, I:L) reflects the authentication requirement and integrity-only impact.

Authentication Bypass WordPress Pressprimer Quiz Ai Quiz Maker Exam Builder Lms Assessment Plugin
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized cross-teacher quiz rule tampering in the PressPrimer Quiz WordPress plugin (all versions ≤ 2.3.0) is possible via an IDOR flaw in the plugin's REST API, where the `rule_id` parameter is accepted without ownership validation. Any authenticated user holding a custom-level role or above - such as a teacher - can supply arbitrary `rule_id` values to modify or delete quiz rules belonging to other teachers. No public exploit is identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS 3.1 score of 4.3 (PR:L, I:L) reflects the authentication requirement and integrity-only impact.

Authentication Bypass WordPress Pressprimer Quiz Ai Quiz Maker Exam Builder Lms Assessment Plugin
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy