Cross-Site Request Forgery Vulnerability in Quiz Maker by Ays Pro
CVE-2025-67595

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Quiz Maker
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-67595?

The Ays Pro Quiz Maker contains a Cross-Site Request Forgery (CSRF) vulnerability that enables unauthorized actions on behalf of authenticated users. This flaw affects versions of Quiz Maker up to and including 6.7.0.82, allowing attackers to exploit this weakness and perform unintended operations without user consent. It is crucial for users of the affected versions to apply necessary updates or implement security measures to safeguard against potential exploitation.

Affected Version(s)

Quiz Maker <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/quiz...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

Doan Dinh Van | Patchstack Bug Bounty Program

JSON