Vulnerabilities ›

CVE-2026-6817

Medium

CWE-79 — Weakness Type

                    Published: May 2, 2026                      ·  Modified: May 5, 2026                      ·  Source: NVD                

CVSS v3

5.8

🔗 NVD Official

📄 Description (English)

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

🤖 AI Executive Summary

The Quiz Maker by AYS WordPress plugin versions up to 6.7.1.29 contains a Stored Cross-Site Scripting (XSS) vulnerability in the 'rate_reason' parameter due to insufficient input sanitization. Unauthenticated attackers can inject malicious scripts that execute when users access affected pages.

📄 Description (Arabic)

تحتوي إضافة Quiz Maker by AYS لـ WordPress على ثغرة XSS مخزنة في معامل 'rate_reason' بسبب عدم كفاية تنظيف المدخلات والتحقق من المخرجات. يمكن للمهاجمين غير المصرح لهم حقن برامج نصية ضارة تُنفذ عند وصول المستخدمين إلى الصفحات المصابة.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 19:54

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1598

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update the Quiz Maker by AYS plugin to version 6.7.2 or later immediately. If immediate patching is not possible, disable the plugin until an update is available. Implement Web Application Firewall (WAF) rules to filter malicious script injections and conduct security audits of all quiz submissions.

🔧 خطوات المعالجة (العربية)

قم بتحديث إضافة Quiz Maker by AYS إلى الإصدار 6.7.2 أو أحدث فوراً. إذا لم يكن التحديث ممكناً، قم بتعطيل الإضافة حتى يتوفر تحديث. طبق قواعد جدار حماية تطبيقات الويب (WAF) لتصفية حقن البرامج النصية الضارة وأجرِ تدقيقات أمنية لجميع تقديمات الاستبيانات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

6.1.1 6.1.2

🔵 SAMA CSF

CC6.1 CC6.2

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 2

🔗

https://plugins.trac.wordpress.org/changeset/3513370/quiz-maker

security@wordfence.com

🔗

https://www.wordfence.com/threat-intel/vulnerabilities/id/fa995fa9-5fb1-434a-bf88-c60e9...

security@wordfence.com

📊 CVSS Score

5.8

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.8

CWECWE-79

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-05-02

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-6817

Introduce Yourself

Sign In Required