
HEXAM Security & Risk Analysis
wordpress.org/plugins/hexam
Provide online exams, quizzes in your WordPress web site.
Is HEXAM Safe to Use in 2026?
Generally Safe
Score 85/100
HEXAM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'hexam' v1.3 plugin exhibits several significant security concerns despite having no recorded vulnerability history. The static analysis reveals a complete lack of output escaping, meaning all dynamic data rendered to the user interface is susceptible to Cross-Site Scripting (XSS) attacks. This is a critical oversight that significantly undermines the plugin's security posture. Furthermore, the presence of two taint flows with unsanitized paths indicates a potential for arbitrary code execution or other severe vulnerabilities if these flows are exploitable. While the plugin has a small attack surface and no known CVEs, the identified code quality issues present a substantial risk. The absence of nonce and capability checks in its entry points (shortcodes) is also worrying, though the taint analysis did not explicitly link these to critical vulnerabilities. The plugin's security is compromised by its poor handling of output and potential for unsanitized data flow, outweighing the benefit of no known historical vulnerabilities.
Key Concerns
- All outputs are unescaped
- Two critical taint flows with unsanitized paths
- No nonce checks
- No capability checks
- Only 29% of SQL queries use prepared statements
HEXAM Security Vulnerabilities
HEXAM Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
HEXAM Attack Surface
Shortcodes 1
WordPress Hooks 1
HEXAM Maintenance & Trust
Maintenance Signals
Community Trust
HEXAM Alternatives
ProctoPress : Quiz/Exam Proctoring For Learning Management System(LMS)
exam-and-quiz-online-proctoring-with-lms-integration
Online Exam Proctoring solution provides advanced monitoring and restriction features that ensure fair and secure online examinations
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
quiz-master-next
Create quizzes, surveys, and tests easily on WordPress with this versatile plugin. Perfect for engaging any audience and gathering valuable insights!
Watu Quiz
watu
Creates exams, surveys, and quizzes with unlimited number of questions and answers. Mobile/touch - friendly.
ARI Stream Quiz – WordPress Quizzes Builder
ari-stream-quiz
Easy to use WordPress Viral Quiz Plugin. Create Trivia and Personality quizzes in BuzzFeed style and collect unlimited leads.
Chained Quiz
chained-quiz
Create a quiz where the next question depends on the answer to the previous question. Final quiz results depend on the amount of collected points.
HEXAM Developer Profile
5 plugins · 700 total installs
How We Detect HEXAM
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/hexam/hexam.css
- /wp-content/plugins/hexam/hexam.js
- hexam.css?ver=
- hexam.js?ver=
HTML / DOM Fingerprints
- hexam_submit
- hexam_result
- Copyright 2010-2012, Elvin Haci (email : elvinhaci@hotmail.com)
- This program is free software; you can redistribute it and/or modify
- This program is distributed in the hope that it will be useful,
- You should have received a copy of the GNU General Public License
- name="hexamform"
- name="hexamform1"
- <b>You need to login!</b>
- <form method="post" action="" name="hexamform">
- <input type="submit" name="