Stored Cross-Site Scripting Vulnerability in Quiz Maker Plugin for WordPress
CVE-2026-6817

5.8 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 2 May 2026

What is CVE-2026-6817?

The Quiz Maker plugin by AYS for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter, due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which may then execute whenever a user interacts with an affected page. Users of the Quiz Maker plugin should ensure they are running an updated version and follow best practices for web security.

Affected Version(s)

Quiz Maker by AYS 0 <= 6.7.1.29

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CHOIGYEONGMIN