CVE-2026-13422
HD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX Handlers
Description
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdq_validate_nonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create new quizzes, and change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
INFO
Published Date :
June 27, 2026, 1:27 a.m.
Last Modified :
June 27, 2026, 1:27 a.m.
Remotely Exploit :
No
Source :
Wordfence
Solution
- Update the HD Quiz plugin to the latest version.
- Verify nonce validation is correctly implemented.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-13422 vulnerability anywhere in the article.