CVE-2026-10623
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.3.0 due to missing validation on the 'rule_id' parameter. This allows authenticated attackers with custom-level access and above to modify or delete quiz rules belonging to other teachers.
Risk Assessment
Attackers can unauthorizedly tamper with the quiz structure of other users, potentially leading to serious data integrity issues and a loss of trust in the educational system.
Recommendation
It is recommended to update the plugin to the latest version and implement additional validation mechanisms for user-controlled parameters to prevent unauthorized modifications.
Original NVD description (English source)
The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with custom-level access and above, to modify or delete quiz rules belonging to other teachers, resulting in unauthorized tampering of another user's quiz structure.

