{“lastseen”:””,”description”:”The PressPrimer Quiz \u2013 AI Quiz Maker, Exam Builder \\u0026 LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the ‘rule_id’ parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with custom-level access and above, to modify or delete quiz rules belonging to other teachers, resulting in unauthorized tampering of another user’s quiz structure.”,”published”:”2026-06-18T05:34:24.522Z”,”modified”:”2026-06-18T18:18:48.769Z”,”type”:”cve”,”title”:”PressPrimer Quiz \\u003c= 2.3.0 – Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via ‘quiz_id’, ‘item_id’, and ‘rule_id’ Parameters”,”source”:”Wordfence”,”references”:”https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/150ac796-d77b-4915-8bbf-9f9b54be8eaf?source=cve\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L1923\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L1963\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L1786\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L1813\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L1703\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L1860\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.2.2\/includes\/api\/class-ppq-rest-controller.php#L434\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L1923\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L1963\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L1786\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L1813\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L1703\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L1860\\nhttps:\/\/plugins.trac.wordpress.org\/browser\/pressprimer-quiz\/tags\/2.1.0\/includes\/api\/class-ppq-rest-controller.php#L434\\nhttps:\/\/github.com\/PressPrimer\/pressprimer-quiz\/commit\/1795687″,”id”:”CVE-2026-10623″,”bulletinFamily”:””,”cwe”:[“CWE-639″],”cvelist”:null,”sourceData”:”pressprimer PressPrimer Quiz \u2013 AI Quiz Maker, Exam Builder \\u0026 LMS Assessment Plugin 0″,”sourceHref”:””,”cvss”:{“score”:4.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”PressPrimer Quiz \u2013 AI Quiz Maker, Exam Builder \\u0026 LMS Assessment Plugin”,”version”:”0″,”vendor”:”pressprimer”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The PressPrimer Quiz \u2013 AI Quiz Maker, Exam Builder \\u0026 LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,123,12,21,13,7,11,5],"class_list":["post-64212","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-43","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n