PT-2025-38302 · WordPress · Chained Quiz

Karuppiah Sabari Kumar · Published 2025-09-18 · Updated 2025-09-19 · CVE-2025-10493

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Chained Quiz plugin for WordPress versions 1.3.4 and below

Description

The Chained Quiz plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions 1.3.4 and below. This flaw resides in the quiz submission and completion mechanisms due to a lack of validation on a user-controlled key. Unauthenticated attackers can exploit this to hijack and modify other users' quiz attempts by manipulating the chained completion id cookie value. This allows attackers to alter quiz answers, scores, and results for any user.

Recommendations

Update the Chained Quiz plugin to a version newer than 1.3.4.
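
For developers reviewing their own code for the same weakness, the following added example (not the Chained Quiz plugin's code and not the vendor's fix) contrasts a lookup that trusts a cookie-supplied record id with one that only accepts ids the server has signed. The function names, the "id.mac" cookie format and the sample records are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Chained Quiz code. All names and the cookie format are hypothetical.

// Constructed sample records: quiz attempts keyed by completion id.
$attempts = [
    101 => ['quiz' => 'A', 'points' => 7],
    102 => ['quiz' => 'A', 'points' => 3],
];
$secret = random_bytes(32); // server-side key, never sent to the client

// Weak pattern: the cookie value is used directly as the record key.
function load_unchecked(array $attempts, string $cookie): ?array
{
    return $attempts[(int) $cookie] ?? null;
}

// Hardened pattern: the cookie is "id.mac" with mac = HMAC-SHA256(secret, id),
// so a client cannot produce a valid value for an id the server never issued to it.
function issue_cookie(int $id, string $secret): string
{
    return $id . '.' . hash_hmac('sha256', (string) $id, $secret);
}

function load_checked(array $attempts, string $cookie, string $secret): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // malformed value
    }
    $expected = hash_hmac('sha256', $parts[0], $secret);
    if (!hash_equals($expected, $parts[1])) {
        return null; // id was altered, or the MAC was issued for a different id
    }
    return $attempts[(int) $parts[0]] ?? null;
}

$own = issue_cookie(101, $secret);             // value the server set for this visitor
$altered = '102.' . explode('.', $own, 2)[1];  // id changed, MAC left as issued

var_dump(load_unchecked($attempts, '102') !== null);           // weak lookup: any id resolves
var_dump(load_checked($attempts, $own, $secret) !== null);     // issued value passes the check
var_dump(load_checked($attempts, $altered, $secret) === null); // altered value fails the check
```

The signed value acts as a bearer token for one attempt, so it should be set with the HttpOnly and Secure cookie attributes and expire with the attempt.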

Exploit

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2025-10493

Affected Products

Chained Quiz