HD Quiz Security & Risk Analysis

wordpress.org/plugins/hd-quiz

Create a Quiz. An easy-to-use, feature-rich plugin to create quizzes with quiz timer, pagination, hints, advanced marking, and leading help and support.

7K active installs · v2.1.0 · PHP 7.0+ · WP 5.0+ · Updated Mar 24, 2026
Tags: exam, quiz, quiz-maker, quizzes
Score: 95
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Jan 24, 2026
Safety Verdict

Is HD Quiz Safe to Use in 2026?

Generally Safe

Score 95/100

HD Quiz has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Jan 24, 2026 · Updated 1mo ago
Risk Assessment

The hd-quiz plugin, version 2.0.10, presents a mixed security posture. It shows strong practice in some areas: all SQL queries use prepared statements, and its recent history contains no critical or high severity vulnerabilities. Its attack surface remains a significant concern, however. All of its AJAX handlers, 12 out of 12, lack authorization checks, which creates a wide entry point for potential unauthorized actions if malicious input can be crafted. The taint analysis revealed no critical or high severity issues, but it did identify 9 flows with unsanitized paths, which could become vulnerabilities if they are reached through the unprotected AJAX handlers. The vulnerability history, 4 medium severity CVEs related to missing authorization and cross-site scripting, reinforces the concern around authorization and input sanitization. The plugin has no currently unpatched vulnerabilities, but the patterns in past issues and the static analysis findings indicate a need for diligent review and hardening of its unprotected entry points.

Key Concerns

  • High number of unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Past vulnerabilities in authorization and XSS
  • Output escaping not fully implemented
Vulnerabilities
4 published

HD Quiz Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2026-24544 · medium · 4.3 · Missing Authorization

HD Quiz <= 2.0.9 - Missing Authorization

Jan 24, 2026 · Patched in 2.0.10 (7d)

CVE-2024-13383 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HD Quiz <= 1.8.14 - Authenticated (Editor+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 2.0.0 (88d)

CVE-2024-22161 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HD Quiz <= 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Jan 16, 2024 · Patched in 1.8.12 (7d)

CVE-2021-24571 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HD Quiz <= 1.8.3 - Stored Cross-Site Scripting

Jul 26, 2021 · Patched in 1.8.4 (911d)

Version History

HD Quiz Release Timeline

Code Analysis
Analyzed Mar 16, 2026

HD Quiz Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 195 (309 escaped)
  • Nonce Checks: 2
  • Capability Checks: 11
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

Output Escaping

61% escaped · 504 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

11 flows · 9 with unsanitized paths
import (classes\csv-import-tool.php:24)
Attack Surface
12 unprotected

HD Quiz Attack Surface

Entry Points: 13
Unprotected: 12

AJAX Handlers (12)

  • auth · wp_ajax_hdq_settings_save · includes\actions-ajax.php:18
  • auth · wp_ajax_hdq_get_view_dashboard · includes\actions-ajax.php:28
  • auth · wp_ajax_hdq_get_view_quiz · includes\actions-ajax.php:49
  • auth · wp_ajax_hdq_create_quiz · includes\actions-ajax.php:64
  • auth · wp_ajax_hdq_save_quiz · includes\actions-ajax.php:83
  • auth · wp_ajax_hdq_delete_quiz · includes\actions-ajax.php:98
  • auth · wp_ajax_hdq_get_view_question · includes\actions-ajax.php:117
  • auth · wp_ajax_hdq_get_question_type · includes\actions-ajax.php:143
  • auth · wp_ajax_hdq_save_question · includes\actions-ajax.php:167
  • auth · wp_ajax_hdq_delete_question · includes\actions-ajax.php:188
  • auth · wp_ajax_hdq_accept_csv · includes\actions-ajax.php:199
  • auth · wp_ajax_hdq_csv_import_question · includes\actions-ajax.php:208

Shortcodes (1)

  • [HDquiz] · index.php:179

WordPress Hooks (34)

  • filter · user_can_richedit · hdfields\classes\fields.php:867
  • filter · hd_content · hdfields\classes\sanitize.php:288
  • filter · hd_content · hdfields\classes\sanitize.php:289
  • filter · hd_content · hdfields\classes\sanitize.php:290
  • filter · hd_content · hdfields\classes\sanitize.php:291
  • filter · hd_content · hdfields\classes\sanitize.php:292
  • filter · hd_content · hdfields\classes\sanitize.php:293
  • filter · user_can_richedit · includes\admin-pages.php:42
  • action · admin_enqueue_scripts · includes\admin-pages.php:520
  • action · add_meta_boxes · includes\admin-pages.php:526
  • filter · hd_add_new_field_types · includes\custom-fields.php:27
  • filter · hdq_content · includes\functions.php:47
  • filter · hdq_content · includes\functions.php:48
  • filter · hdq_content · includes\functions.php:49
  • filter · hdq_content · includes\functions.php:50
  • filter · hdq_content · includes\functions.php:51
  • filter · hdq_content · includes\functions.php:52
  • filter · wp_title · includes\functions.php:683
  • filter · template_include · includes\functions.php:690
  • action · init · includes\functions.php:699
  • action · init · includes\question-cpt.php:30
  • filter · the_content · includes\questions\multiple-choice-image.php:34
  • filter · the_content · includes\questions\multiple-choice-text.php:25
  • filter · the_content · includes\questions\personality-multiple-choice-image.php:39
  • filter · the_content · includes\questions\personality-multiple-choice-text.php:31
  • filter · the_content · includes\questions\select-all-apply-image.php:36
  • filter · the_content · includes\questions\select-all-apply-text.php:28
  • action · init · includes\quiz-taxonomy.php:24
  • action · init · index.php:52
  • action · init · index.php:62
  • filter · redirect_canonical · index.php:105
  • action · admin_menu · index.php:112
  • action · init · index.php:115
  • action · init · index.php:218
Maintenance & Trust

HD Quiz Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 24, 2026
  • PHP min version: 7.0
  • Downloads: 255K

Community Trust

  • Rating: 98/100
  • Number of ratings: 143
  • Active installs: 7K
Developer Profile

HD Quiz Developer Profile

Harmonic Design

6 plugins · 8K total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 186 days
Detection Fingerprints

How We Detect HD Quiz

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hd-quiz/assets/css/hdq-quiz-front.css
  • /wp-content/plugins/hd-quiz/assets/js/hdq_quiz_front.js
  • /wp-content/plugins/hd-quiz/assets/css/hdq-admin.css
  • /wp-content/plugins/hd-quiz/assets/js/hdq_quiz_admin.js
  • /wp-content/plugins/hd-quiz/assets/js/hdq_quiz_results.js

Script Paths
  • /wp-content/plugins/hd-quiz/assets/js/hdq_quiz_front.js
  • /wp-content/plugins/hd-quiz/assets/js/hdq_quiz_results.js
  • /wp-content/plugins/hd-quiz/assets/js/hdq_quiz_admin.js

Version Parameters
  • hd-quiz/assets/css/hdq-quiz-front.css?ver=
  • hd-quiz/assets/js/hdq_quiz_front.js?ver=
  • hd-quiz/assets/css/hdq-admin.css?ver=
  • hd-quiz/assets/js/hdq_quiz_admin.js?ver=
  • hd-quiz/assets/js/hdq_quiz_results.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • hdq_quiz_wrapper
  • hdq-question
  • hdq-answer
  • hdq-results-wrapper
  • hdq_answer_input
  • hdq_question_counter
  • hdq_question_title
  • hdq_quiz_content
  • +10 more

HTML Comments
  • <!-- next and prev question -->
  • <!-- submit the quiz -->
  • <!-- show results -->
  • <!-- display questions -->
  • +19 more

Data Attributes
  • data-hdq-quiz-id
  • data-question-id
  • data-answer-id
  • data-quiz-id
  • data-question-order
  • data-user-id
  • +7 more

JS Globals
  • hdq_quiz_vars
  • hdq_quiz_data
  • hdq_quiz_answers
  • hdq_quiz_score
  • hdq_quiz_current_question
  • hdq_quiz_total_questions
  • +5 more

REST Endpoints
  • /wp-json/hdq/v1/get_quiz
  • /wp-json/hdq/v1/submit_answer
  • /wp-json/hdq/v1/get_results

Shortcode Output
  • [HDquiz quiz='']
FAQ

Frequently Asked Questions about HD Quiz