Quiz Cat – WordPress Quiz Plugin Security & Risk Analysis

wordpress.org/plugins/quiz-cat

Quiz Cat Lets You Create Beautiful Viral BuzzFeed-style Quizzes That Drive Social Shares & User Engagement. Set It Up In 2 Minutes.

5K active installs · v3.1.0 · PHP + · WP 4.0+ · Updated Dec 2, 2025
buzzfeed-quiz, quiz, quizzes, trivia-quiz, viral-quiz
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is Quiz Cat – WordPress Quiz Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

Quiz Cat – WordPress Quiz Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 27, 2025 · Updated 4mo ago
Risk Assessment

The plugin "quiz-cat" v3.1.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries, implementing nonce checks on entry points, and conducting capability checks. The attack surface appears to be managed with all identified entry points having checks in place, and there are no currently unpatched known vulnerabilities.

However, the static analysis raises significant concerns. The plugin calls `unserialize`, a known source of vulnerabilities if not handled with extreme care. The taint analysis also reports two flows with unsanitized paths, both classified as high severity. This indicates that attacker-supplied data may be processed without proper validation, which could lead to exploitation. In addition, 58% of outputs are not escaped, which compounds the risk because unsanitized data could be reflected back to users in a harmful way.

While the vulnerability history shows no currently unpatched vulnerabilities and only a medium severity past CVE, the pattern of "Missing Authorization" in its history, combined with the current taint analysis findings, suggests a recurring area of weakness. The plugin's strengths lie in its database query security and its efforts to secure entry points, but the handling of serialized data and user-supplied input requires more robust sanitization to mitigate the identified high-severity taint flows and the potential risks associated with unserialization.

Key Concerns

  • High severity taint flows detected
  • Dangerous function 'unserialize' found
  • Significant percentage of unescaped output
  • Bundled library Select2
Vulnerabilities
1

Quiz Cat – WordPress Quiz Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-30877 · medium · 4.3 · Missing Authorization

Quiz Cat <= 3.0.8 - Missing Authorization

Mar 27, 2025 · Patched in 3.0.9 (7d)
Code Analysis
Analyzed Mar 16, 2026

Quiz Cat – WordPress Quiz Plugin Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 112 (80 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

unserialize · includes\quiz\quiz.php:14 · `$quiz_meta = empty ( $all_meta['quiz_cat_meta'] ) ? array() : unserialize( $all_meta['quiz_cat_meta'`
unserialize · includes\quiz\quiz.php:17 · `$questions = empty ( $all_meta['quiz_cat_questions'] ) ? array() : unserialize( $all_meta['quiz_cat_`
unserialize · includes\quiz\quiz.php:18 · `$quiz_settings = empty ( $all_meta['quiz_cat_settings'] ) ? array() : unserialize( $all_meta['quiz_c`
unserialize · includes\quiz\quiz.php:20 · `$optin_settings = empty ( $all_meta['quiz_cat_optins'] ) ? array() : unserialize( $all_meta['quiz_ca`
unserialize · includes\quiz\quiz.php:23 · `$quiz_results = empty ( $all_meta['quiz_cat_results'] ) ? array() : unserialize( $all_meta['quiz_cat`

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

42% escaped · 192 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
process_bulk_action (includes\list\post-list-table.php:127)
Attack Surface

Quiz Cat – WordPress Quiz Plugin Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_fca_qc_uninstall · includes\notices\notices.php:192

Shortcodes 1

[quiz-cat] includes\quiz\quiz.php:180
WordPress Hooks 22
action · init · includes\block.php:34
action · enqueue_block_editor_assets · includes\block.php:67
action · admin_enqueue_scripts · includes\editor\editor.php:68
action · edit_form_after_title · includes\editor\editor.php:90
action · add_meta_boxes_fca_qc_quiz · includes\editor\editor.php:151
action · save_post_fca_qc_quiz · includes\editor\editor.php:732
filter · wp_insert_post_data · includes\editor\editor.php:742
filter · redirect_post_location · includes\editor\editor.php:811
filter · the_content · includes\editor\editor.php:821
action · add_meta_boxes_fca_qc_quiz · includes\editor\sidebar.php:23
action · admin_menu · includes\notices\notices.php:10
action · admin_notices · includes\notices\notices.php:110
action · fca_qc_schedule_review_notice · includes\notices\notices.php:116
action · admin_enqueue_scripts · includes\notices\notices.php:158
action · admin_menu · includes\notices\notices.php:205
action · admin_footer · includes\notices\notices.php:235
action · init · includes\post-type.php:49
filter · post_updated_messages · includes\post-type.php:77
filter · screen_options_show_screen · includes\post-type.php:84
filter · get_user_option_meta-box-order_fca_qc_quiz · includes\post-type.php:100
action · admin_menu · includes\post-type.php:113
action · wp_head · includes\post-type.php:129

Scheduled Events 2

fca_qc_schedule_review_notice
fca_qc_schedule_review_notice
Maintenance & Trust

Quiz Cat – WordPress Quiz Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version
Downloads: 229K

Community Trust

Rating: 94/100
Number of ratings: 35
Active installs: 5K
Developer Profile

Quiz Cat – WordPress Quiz Plugin Developer Profile

fatcatapps

13 plugins · 67K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 242 days
Detection Fingerprints

How We Detect Quiz Cat – WordPress Quiz Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quiz-cat/includes/wysi/wysihtml.min.js
/wp-content/plugins/quiz-cat/includes/wysi/wysi.min.css
/wp-content/plugins/quiz-cat/includes/wysi/wysi.min.js
/wp-content/plugins/quiz-cat/includes/editor/editor.js
/wp-content/plugins/quiz-cat/includes/editor/editor.css
/wp-content/plugins/quiz-cat/includes/editor/editor.min.js
/wp-content/plugins/quiz-cat/includes/editor/editor.min.css
Script Paths
/wp-content/plugins/quiz-cat/includes/wysi/wysihtml.min.js
/wp-content/plugins/quiz-cat/includes/wysi/wysi.min.js
/wp-content/plugins/quiz-cat/includes/editor/editor.js
/wp-content/plugins/quiz-cat/includes/editor/editor.min.js
Version Parameters
quiz-cat/includes/wysi/wysihtml.min.js?ver=
quiz-cat/includes/wysi/wysi.min.css?ver=
quiz-cat/includes/wysi/wysi.min.js?ver=
quiz-cat/includes/editor/editor.js?ver=
quiz-cat/includes/editor/editor.css?ver=
quiz-cat/includes/editor/editor.min.js?ver=
quiz-cat/includes/editor/editor.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
fca-qc-color1
nav-tab-active
Data Attributes
data-post_type="fca_qc_quiz"
JS Globals
fcaQcAdminData