WordPress · Chained Quiz · CVE-2025-10493
**Name of the Vulnerable Software and Affected Versions**
Chained Quiz plugin for WordPress versions 1.3.4 and below
**Description**
The Chained Quiz plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions 1.3.4 and below. This flaw resides in the quiz submission and completion mechanisms due to a lack of validation on a user-controlled key. Unauthenticated attackers can exploit this to hijack and modify other users' quiz attempts by manipulating the `chained_completion_id` cookie value. This allows attackers to alter quiz answers, scores, and results for any user.
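The class of flaw described above, shown as an added example that is not the plugin's code or its fix: a loader that trusts a record id held in a cookie, next to one that only accepts an id carrying a server-issued HMAC. The cookie name, function names, and sample data are hypothetical and constructed for the illustration.

```php
<?php
// Added illustration, not the Chained Quiz plugin's code; all names are hypothetical.
declare(strict_types=1);

const ATTEMPT_COOKIE = 'attempt_ref'; // hypothetical cookie name

// Weak pattern: the record id held in the cookie is trusted as-is.
function load_attempt_unchecked(array $attempts, array $cookies): ?array
{
    $id = (int) ($cookies[ATTEMPT_COOKIE] ?? 0);
    return $attempts[$id] ?? null;
}

// Hardened pattern: the server issues "id.mac" and recomputes the MAC on every request.
function issue_attempt_cookie(int $id, string $key): string
{
    return $id . '.' . hash_hmac('sha256', (string) $id, $key);
}

function load_attempt_checked(array $attempts, array $cookies, string $key): ?array
{
    $raw = $cookies[ATTEMPT_COOKIE] ?? null;
    if (!is_string($raw)) {
        return null; // cookie missing or array-valued
    }
    $parts = explode('.', $raw, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // not in "id.mac" form
    }
    [$id, $mac] = $parts;
    // Constant-time comparison with the MAC the server would have issued for this id.
    if (!hash_equals(hash_hmac('sha256', $id, $key), $mac)) {
        return null;
    }
    return $attempts[(int) $id] ?? null;
}

// Constructed sample data: two visitors' attempts and a server-side key.
$attempts = [101 => ['visitor' => 'A', 'points' => 8], 102 => ['visitor' => 'B', 'points' => 3]];
$key = random_bytes(32); // per-run here; a site would keep a persistent secret
$own = issue_attempt_cookie(101, $key);
$edited = '102.' . explode('.', $own, 2)[1]; // id changed, MAC still the one for 101

// The unchecked loader accepts a bare id; the checked loader needs a matching MAC.
var_dump(load_attempt_unchecked($attempts, [ATTEMPT_COOKIE => '102']) !== null);
var_dump(load_attempt_checked($attempts, [ATTEMPT_COOKIE => $own], $key) !== null);
var_dump(load_attempt_checked($attempts, [ATTEMPT_COOKIE => $edited], $key) !== null);
var_dump(load_attempt_checked($attempts, [ATTEMPT_COOKIE => '102'], $key) !== null);
```

The MAC only proves the server issued that id to some browser; where a session or logged-in user exists, the record's owner should also be compared server-side before any update.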
**Recommendations**
Update the Chained Quiz plugin to a version newer than 1.3.4.