[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftQb9WjC93cuRtdNKy9rrsZDpx8CsdZ7qqCUZaoofaWY":3,"$fUjoVUJBFlJXMF0-VRJ7Jq1MgLfGVntX68rYYbYI3DvA":229},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":58,"analysis":59,"fingerprints":201},"hd-quiz-save-results-light","HD Quiz – Save Results Light","0.7.3","Harmonic Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fharmonic_design\u002F","\u003Cp>HD Quiz. The easiest way to create fun quizzes for you site\u003C\u002Fp>\n\u003Cp>This is an addon plugin for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhd-quiz\u002F\" title=\"HD Quiz\" rel=\"ugc\">HD Quiz\u003C\u002Fa> and cannot be used on its own. HD Quiz 1.7.0+ is required.\u003C\u002Fp>\n\u003Cp>See a live demo of \u003Ca href=\"https:\u002F\u002Fdesignbypixl.com\u002Fthe-ultimate-friends-quiz\u002F\" title=\"See a live demo\" rel=\"nofollow ugc\">HD Quiz in action\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This addon will create a new Results page for HD Quiz that shows a nice table listing each time one of your quizzes was completed. The table includes the name of the completed quiz, the date and time of completion, the score, whether the quiz was passed of failed, and, if the user was logged-in, their display name.\u003C\u002Fp>\n\u003Ch4>NOTICE ⚠️\u003C\u002Fh4>\n\u003Cp>This is a free and “light” version.\u003C\u002Fp>\n\u003Cp>The Save Results Pro addon is a paid version and can be found here: \u003Ca href=\"https:\u002F\u002Fharmonicdesign.ca\u002Fproduct\u002Fhd-quiz-save-results-pro\u002F\" title=\"Save Results Pro\" rel=\"nofollow ugc\">Save Results Pro\u003C\u002Fa>\u003Cbr \u002F>\n–   save quiz taker’s name and email\u003Cbr \u002F>\n–   add custom form fields\u003Cbr \u002F>\n–   send results via email\u003Cbr \u002F>\n–   sort and filter results\u003Cbr \u002F>\n–   save each result of each question\u002Fanswer\u003Cbr \u002F>\n–   leaderboard functionality\u003C\u002Fp>\n\u003Ch3>HOW TO USE | TUTORIAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Install HD Quiz\u003C\u002Fli>\n\u003Cli>Install this\u003C\u002Fli>\n\u003Cli>Check the Results page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Keywords\u003C\u002Fh4>\n\u003Cp>Quiz, quizzes, create a quiz, add a quiz, quiz plugin, hdq, harmonic design\u003C\u002Fp>\n","HD Quiz Save Results Light. Free addon for HD Quiz to save basic results of quizzes",1000,19726,80,4,"2026-02-06T18:20:00.000Z","6.9.4","5.0","7.0",[20,21,22,23,24],"harmonic-design","hd-quiz","hdq","hdquiz","save-quiz-results","https:\u002F\u002Fharmonicdesign.ca\u002Faddons\u002Fsave-results-light\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhd-quiz-save-results-light.0.7.3.zip",99,1,0,"2024-10-21 00:00:00","2026-04-06T09:54:40.288Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":38},"CVE-2024-49689","hd-quiz-save-results-light-missing-authorization","HD Quiz – Save Results Light \u003C= 0.5 - Missing Authorization","The HD Quiz – Save Results Light plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hdq_a_light_delete_results() function in versions up to, and including, 0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete quiz results.",null,"\u003C=0.5","0.6","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-10-30 16:24:29",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbf0ad697-159f-4466-aa7e-d7c60b737cd8?source=api-prod",10,[],{"slug":51,"display_name":7,"profile_url":8,"plugin_count":52,"total_installs":53,"avg_security_score":54,"avg_patch_time_days":55,"trust_score":56,"computed_at":57},"harmonic_design",6,8270,88,205,71,"2026-04-08T09:08:56.464Z",[],{"attackSurface":60,"codeSignals":96,"taintFlows":121,"riskAssessment":187,"analyzedAt":200},{"hooks":61,"ajaxHandlers":80,"restRoutes":91,"shortcodes":92,"cronEvents":93,"entryPointCount":94,"unprotectedCount":95},[62,68,73,77],{"type":63,"name":64,"callback":65,"file":66,"line":67},"action","hdq_submit","hdq_a_light_submit","includes\\functions.php",11,{"type":63,"name":69,"callback":70,"file":71,"line":72},"init","hdq_a_light_check_hd_quiz_active","index.php",34,{"type":63,"name":74,"callback":75,"priority":67,"file":71,"line":76},"admin_menu","hdq_a_light_register_settings_page",44,{"type":63,"name":69,"callback":78,"file":71,"line":79},"hdq_a_light_create_settings_page",46,[81,85,88],{"action":82,"nopriv":83,"callback":82,"hasNonce":83,"hasCapCheck":83,"file":66,"line":84},"hdq_a_light_submit_action",false,40,{"action":82,"nopriv":86,"callback":82,"hasNonce":83,"hasCapCheck":83,"file":66,"line":87},true,41,{"action":89,"nopriv":83,"callback":89,"hasNonce":86,"hasCapCheck":86,"file":66,"line":90},"hdq_a_light_delete_results",222,[],[],[],3,2,{"dangerousFunctions":97,"sqlUsage":98,"outputEscaping":100,"fileOperations":29,"externalRequests":29,"nonceChecks":95,"capabilityChecks":28,"bundledLibraries":120},[],{"prepared":29,"raw":29,"locations":99},[],{"escaped":101,"rawEcho":102,"locations":103},23,7,[104,108,110,112,114,116,118],{"file":105,"line":106,"context":107},"includes\\results.php",108,"raw output",{"file":105,"line":109,"context":107},157,{"file":105,"line":111,"context":107},158,{"file":105,"line":113,"context":107},159,{"file":105,"line":115,"context":107},163,{"file":105,"line":117,"context":107},165,{"file":105,"line":119,"context":107},169,[],[122,155,177],{"entryPoint":123,"graph":124,"unsanitizedCount":95,"severity":154},"hdq_a_light_submit_action (includes\\functions.php:14)",{"nodes":125,"edges":149},[126,130,134,140,143,146],{"id":127,"type":128,"label":129,"file":66,"line":72},"n0","source","$_POST",{"id":131,"type":132,"label":133,"file":66,"line":72},"n1","transform","→ hdq_a_light_quiz_type_general()",{"id":135,"type":136,"label":137,"file":66,"line":138,"wp_function":139},"n2","sink","update_option() [Settings Manipulation]",93,"update_option",{"id":141,"type":128,"label":129,"file":66,"line":142},"n3",36,{"id":144,"type":132,"label":145,"file":66,"line":142},"n4","→ hdq_a_light_quiz_type_personality()",{"id":147,"type":136,"label":137,"file":66,"line":148,"wp_function":139},"n5",131,[150,151,152,153],{"from":127,"to":131,"sanitized":83},{"from":131,"to":135,"sanitized":83},{"from":141,"to":144,"sanitized":83},{"from":144,"to":147,"sanitized":83},"low",{"entryPoint":156,"graph":157,"unsanitizedCount":95,"severity":154},"\u003Cfunctions> (includes\\functions.php:0)",{"nodes":158,"edges":171},[159,162,163,164,165,166,167,169],{"id":127,"type":128,"label":160,"file":66,"line":161},"$_POST (x3)",27,{"id":131,"type":136,"label":137,"file":66,"line":138,"wp_function":139},{"id":135,"type":128,"label":129,"file":66,"line":72},{"id":141,"type":132,"label":133,"file":66,"line":72},{"id":144,"type":136,"label":137,"file":66,"line":138,"wp_function":139},{"id":147,"type":128,"label":129,"file":66,"line":142},{"id":168,"type":132,"label":145,"file":66,"line":142},"n6",{"id":170,"type":136,"label":137,"file":66,"line":148,"wp_function":139},"n7",[172,173,174,175,176],{"from":127,"to":131,"sanitized":86},{"from":135,"to":141,"sanitized":83},{"from":141,"to":144,"sanitized":83},{"from":147,"to":168,"sanitized":83},{"from":168,"to":170,"sanitized":83},{"entryPoint":178,"graph":179,"unsanitizedCount":29,"severity":154},"\u003Cresults> (includes\\results.php:0)",{"nodes":180,"edges":185},[181,183],{"id":127,"type":128,"label":129,"file":105,"line":182},28,{"id":131,"type":136,"label":137,"file":105,"line":184,"wp_function":139},33,[186],{"from":127,"to":131,"sanitized":86},{"summary":188,"deductions":189},"The \"hd-quiz-save-results-light\" plugin, version 0.7.3, presents a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and generally good output escaping (77%), there are significant concerns regarding its attack surface and authorization mechanisms.  Two out of three AJAX handlers lack authentication checks, which could potentially expose sensitive functionality to unauthenticated users. The taint analysis revealing two flows with unsanitized paths, though not classified as critical or high severity, warrants attention as it indicates potential pathways for malicious input to be processed without adequate sanitization.\n\nThe plugin's vulnerability history shows one known CVE, which is currently unpatched. This is a concerning trend, especially considering the historical prevalence of \"Missing Authorization\" vulnerabilities. While the current unpatched status is 0, the pattern suggests a recurring issue that needs proactive attention. The plugin's strengths lie in its secure handling of database interactions and output. However, the presence of unprotected entry points and past authorization-related vulnerabilities detract from its overall security. A balanced view acknowledges its secure coding in certain areas but emphasizes the need to address the exposed AJAX endpoints and reinforce authorization checks.",[190,192,195,198],{"reason":191,"points":48},"AJAX handlers without auth checks",{"reason":193,"points":194},"Flows with unsanitized paths (taint analysis)",5,{"reason":196,"points":197},"Total known CVEs (1)",15,{"reason":199,"points":194},"Missing capability checks on one entry point","2026-03-16T19:07:20.448Z",{"wat":202,"direct":211},{"assetPaths":203,"generatorPatterns":206,"scriptPaths":207,"versionParams":208},[204,205],"\u002Fwp-content\u002Fplugins\u002Fhd-quiz-save-results-light\u002Fincludes\u002Fcss\u002Fhdq_a_light_admin_style.css","\u002Fwp-content\u002Fplugins\u002Fhd-quiz-save-results-light\u002Fjs\u002Fhdq_a_light_admin.js",[],[205],[209,210],"hdq_a_light_admin_style.css?v=","hdq_a_light_admin.js?v=",{"cssClasses":212,"htmlComments":221,"htmlAttributes":222,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":228},[213,214,215,216,217,218,219,220],"hdq_active_tab","hdq_tab_content","hdq_tab","hdq_srp","hdq_meta_forms","hdq_wrapper","hdq_form_wrapper","hdq_a_light_table",[],[223],"data-hdq-content",[],[226,227],"HDQ_A_LIGHT_PLUGIN_VERSION","HDQ_SRL_MAX_RESULTS",[],{"slug":4,"current_version":6,"total_versions":194,"versions":230},[231,236,243,250,257],{"version":6,"download_url":26,"svn_tag_url":232,"released_at":38,"has_diff":83,"diff_files_changed":233,"diff_lines":38,"trac_diff_url":234,"vulnerabilities":235,"is_current":86},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhd-quiz-save-results-light\u002Ftags\u002F0.7.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.2&new_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.3",[],{"version":237,"download_url":238,"svn_tag_url":239,"released_at":38,"has_diff":83,"diff_files_changed":240,"diff_lines":38,"trac_diff_url":241,"vulnerabilities":242,"is_current":83},"0.7.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhd-quiz-save-results-light.0.7.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhd-quiz-save-results-light\u002Ftags\u002F0.7.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.1&new_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.2",[],{"version":244,"download_url":245,"svn_tag_url":246,"released_at":38,"has_diff":83,"diff_files_changed":247,"diff_lines":38,"trac_diff_url":248,"vulnerabilities":249,"is_current":83},"0.7.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhd-quiz-save-results-light.0.7.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhd-quiz-save-results-light\u002Ftags\u002F0.7.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.0&new_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.1",[],{"version":251,"download_url":252,"svn_tag_url":253,"released_at":38,"has_diff":83,"diff_files_changed":254,"diff_lines":38,"trac_diff_url":255,"vulnerabilities":256,"is_current":83},"0.7.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhd-quiz-save-results-light.0.7.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhd-quiz-save-results-light\u002Ftags\u002F0.7.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.6.0&new_path=%2Fhd-quiz-save-results-light%2Ftags%2F0.7.0",[],{"version":258,"download_url":259,"svn_tag_url":260,"released_at":38,"has_diff":83,"diff_files_changed":261,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":262,"is_current":83},"0.6.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhd-quiz-save-results-light.0.6.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhd-quiz-save-results-light\u002Ftags\u002F0.6.0\u002F",[],[]]