CVE-2020-36504

Name of the Vulnerable Software and Affected Versions: WP-Pro-Quiz versions 0.37 and earlier

Description: The issue concerns the lack of a CSRF check when deleting a quiz, which could allow an attacker to make a logged-in admin delete an arbitrary quiz on the blog. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For WP-Pro-Quiz versions 0.37 and earlier, update to a version that includes a CSRF check for quiz deletion to prevent unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.