{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10493", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-15T17:13:39.985Z", "datePublished": "2025-09-18T06:49:45.112Z", "dateUpdated": "2026-04-08T16:40:38.202Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:40:38.202Z"}, "affected": [{"vendor": "prasunsen", "product": "Chained Quiz", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other users' quiz attempts by manipulating the chained_completion_id cookie value, allowing them to alter quiz answers, scores, and results of any user. The vulnerability was partially patched in versions 1.3.4 and 1.3.5."}], "title": "Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d8f6965-1fe3-4f24-bd6b-9026e91bc5db?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/chained-quiz/tags/1.3.3/controllers/quizzes.php"}, {"url": "https://plugins.trac.wordpress.org/browser/chained-quiz/tags/1.3.3/models/quiz.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362561/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362701/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362966/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Karuppiah Sabari Kumar"}], "timeline": [{"time": "2025-09-16T12:25:33.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-17T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-18T13:54:56.121510Z", "id": "CVE-2025-10493", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T14:03:36.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-18T13:54:56.121510Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T13:54:55.439Z"}}], "cna": {"title": "Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie", "credits": [{"lang": "en", "type": "finder", "value": "Karuppiah Sabari Kumar"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "prasunsen", "product": "Chained Quiz", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.3.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-16T12:25:33.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-17T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d8f6965-1fe3-4f24-bd6b-9026e91bc5db?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/chained-quiz/tags/1.3.3/controllers/quizzes.php"}, {"url": "https://plugins.trac.wordpress.org/browser/chained-quiz/tags/1.3.3/models/quiz.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362561/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362701/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362966/"}], "descriptions": [{"lang": "en", "value": "The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other users' quiz attempts by manipulating the chained_completion_id cookie value, allowing them to alter quiz answers, scores, and results of any user. The vulnerability was partially patched in versions 1.3.4 and 1.3.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-18T06:49:45.112Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10493", "state": "PUBLISHED", "dateUpdated": "2025-09-18T14:03:36.463Z", "dateReserved": "2025-09-15T17:13:39.985Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-18T06:49:45.112Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other users' quiz attempts by manipulating the chained_completion_id cookie value, allowing them to alter quiz answers, scores, and results of any user. The vulnerability was partially patched in versions 1.3.4 and 1.3.5."}], "id": "CVE-2025-10493", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-18T07:15:59.390", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/chained-quiz/tags/1.3.3/controllers/quizzes.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/chained-quiz/tags/1.3.3/models/quiz.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3362561/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3362701/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3362966/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d8f6965-1fe3-4f24-bd6b-9026e91bc5db?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T22:11:49.737440+00:00", "value": {"mitigation_remediation": ["Replace the Chained Quiz plugin with the latest stable release that fully fixes the input validation flaw", "If no newer version is immediately available, remove or deactivate the plugin to block exploitation", "Add server\u2011side validation that ensures the chained_completion_id cookie value matches an existing quiz attempt record for the authenticated user or is otherwise rejected before any quiz data is accessed or altered"], "summary": {"action": "Apply Latest Patch", "impact": "Unauthenticated direct object reference permitting attackers to hijack and alter other users\u2019 quiz attempts, answers, scores, and results"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the Chained Quiz plugin from the prasunsen developer with version 1.3.4 or earlier are affected. Versions 1.3.4 and 1.3.5 contain only a partial patch and are likely still vulnerable, so sites using these releases should treat them as compromised. The plugin is available through the official WordPress repository and has been noted in Wordfence vulnerability notices.", "description_and_impact": "The Chained Quiz plugin for WordPress contains an insecure direct object reference flaw because it accepts a user\u2011controlled value in the chained_completion_id cookie without validating that the cookie refers to a quiz attempt belonging to the current visitor. An attacker who sets this cookie to any identifier can make the plugin load the corresponding attempt as if the visitor were that user, thereby viewing and permanently changing the answers, scores, and final results of other users. This vulnerability does not grant remote code execution, but it compromises the confidentiality and integrity of quiz data relied upon by the site.", "risk_and_exploitability": "The flaw has a CVSS score of 5.3, signalling moderate severity for an unauthenticated exploit. An EPSS score of 3% indicates a low but non\u2011zero likelihood of exploitation in the wild; it is not listed in the CISA KEV catalog. The attack path is straightforward: an unauthenticated user merely needs to set a crafted chained_completion_id cookie and send the request to the target. No additional privileges or conditions are required, and the impact is limited to the data integrity and confidentiality of quiz attempts for all site users."}}}}, "created": "2025-09-18T12:41:00.489040+00:00", "updated": "2026-04-22T22:15:26.358170+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}