Quizzlestick Security & Risk Analysis

wordpress.org/plugins/quizzlestick

Use Quizzlestick to create quizzes to question your users and test their knowledge.

Active installs: 10 · Version: v1.0.1 · PHP + WP 4.0+ · Updated Jan 2, 2019

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Quizzlestick Safe to Use in 2026?

Generally Safe

Score 85/100

Quizzlestick has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7 years ago
Risk Assessment

The quizzlestick v1.0.1 plugin exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and a low number of identified flows in taint analysis, with none flagged as critical or high. The majority of SQL queries use prepared statements, and there are no file operations or external HTTP requests, which are generally good signs of secure coding practices.

However, several concerns emerge from the static analysis. The presence of a dangerous function like `create_function` is a significant red flag, as it can lead to code injection vulnerabilities if not handled with extreme caution. Furthermore, one out of five AJAX handlers lacks authentication checks, creating a potential entry point for unauthorized actions. The output escaping rate is only moderate, meaning a portion of outputs are not properly escaped and could expose the site to cross-site scripting (XSS) attacks. The limited number of capability checks also suggests a potential for privilege escalation if the unprotected AJAX handler can be triggered by unauthenticated users.

The absence of any past vulnerabilities, while positive, doesn't guarantee future security. The current code analysis reveals specific areas that require immediate attention to prevent the plugin from becoming a target. A balanced conclusion is that while the plugin's history is clean and some secure practices are in place, the identified static analysis issues, particularly the unprotected AJAX handler and the use of `create_function`, present tangible risks that need to be addressed.

Key Concerns

  • Unprotected AJAX handler
  • Use of dangerous function: create_function
  • Insufficient output escaping (38% not escaped)
  • Limited capability checks (2 total)
Vulnerabilities: None known

Quizzlestick Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis (analyzed Mar 17, 2026)

Quizzlestick Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 71 (116 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • create_function at core\icit-helpers.php:727, snippet (truncated in source): `usort( $all_terms, create_function( '$a, $b', 'return strcmp( strtolower( $a->name ), strtolower( $b`

SQL Query Safety

80% prepared (4 of 5 total queries)

Output Escaping

62% escaped (116 of 187 total outputs)

Data Flows: All sanitized

Data Flow Analysis

2 flows
  • get_attachment_image (core\icit-fields.php:786)

Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface: 1 unprotected

Quizzlestick Attack Surface

Entry points: 8
Unprotected: 1

AJAX Handlers 5

Auth    Hook                           Location
auth    wp_ajax_get_attachment_image   core\icit-fields.php:896
auth    wp_ajax_remove_notice          core\icit-notices.php:31
auth    wp_ajax_get_attachment_image   core\icit-plugin.php:120
auth    wp_ajax_quizzlestick_api       quizzlestick.php:87
nopriv  wp_ajax_quizzlestick_api       quizzlestick.php:88

Shortcodes 3

[embed] inc\wp-embed.php:31
[embed] inc\wp-embed.php:67
[quizzlestick] quizzlestick.php:81

WordPress Hooks 60

Type    Hook                                Location
filter  style_loader_tag                    core\icit-helpers.php:10
filter  widget_text                         core\icit-helpers.php:48
action  the_post                            core\icit-helpers.php:60
filter  excerpt_length                      core\icit-helpers.php:769
filter  the_excerpt                         core\icit-helpers.php:771
action  plugins_loaded                      core\icit-helpers.php:832
action  init                                core\icit-helpers.php:858
action  admin_init                          core\icit-notices.php:10
action  admin_notices                       core\icit-notices.php:28
action  admin_print_footer_scripts          core\icit-notices.php:34
action  admin_menu                          core\icit-options.php:86
action  customize_register                  core\icit-options.php:90
action  admin_init                          core\icit-options.php:95
action  customize_register                  core\icit-options.php:97
action  admin_init                          core\icit-options.php:100
action  customize_register                  core\icit-options.php:101
action  admin_enqueue_scripts               core\icit-options.php:104
action  admin_notices                       core\icit-options.php:124
action  init                                core\icit-plugin.php:124
action  admin_init                          core\icit-plugin.php:125
action  widgets_init                        core\icit-plugin.php:126
action  wp_enqueue_scripts                  core\icit-plugin.php:127
action  admin_enqueue_scripts               core\icit-plugin.php:128
action  wp                                  core\icit-plugin.php:129
action  wp_enqueue_scripts                  core\icit-theme.php:125
action  init                                core\icit-theme.php:139
action  after_setup_theme                   core\icit-theme.php:140
action  admin_init                          core\icit-theme.php:141
action  widgets_init                        core\icit-theme.php:142
action  wp_enqueue_scripts                  core\icit-theme.php:143
action  admin_enqueue_scripts               core\icit-theme.php:144
action  after_switch_theme                  core\icit-theme.php:145
action  switch_theme                        core\icit-theme.php:146
action  wp                                  core\icit-theme.php:147
action  wp_head                             core\icit-theme.php:150
action  wp_head                             core\icit-theme.php:151
filter  excerpt_length                      core\icit-theme.php:156
filter  excerpt_more                        core\icit-theme.php:159
action  wp_enqueue_scripts                  core\icit-theme.php:162
filter  the_content                         core\icit-theme.php:163
filter  the_excerpt                         core\icit-theme.php:164
filter  post_class                          core\icit-theme.php:165
filter  body_class                          core\icit-theme.php:167
filter  get_previous_post_join              core\icit-theme.php:170
filter  get_previous_post_where             core\icit-theme.php:171
filter  get_next_post_join                  core\icit-theme.php:172
filter  get_next_post_where                 core\icit-theme.php:173
action  admin_init                          core\icit-theme.php:176
filter  add_post_metadata                   inc\wp-preview-meta.php:11
filter  update_post_metadata                inc\wp-preview-meta.php:12
filter  delete_post_metadata                inc\wp-preview-meta.php:13
filter  get_post_metadata                   inc\wp-preview-meta.php:14
action  plugins_loaded                      quizzlestick.php:24
action  add_meta_boxes                      quizzlestick.php:77
action  save_post                           quizzlestick.php:78
filter  the_content                         quizzlestick.php:84
filter  embed_cache_oembed_types            quizzlestick.php:122
filter  post_updated_messages               quizzlestick.php:200
filter  wp_get_attachment_image_attributes  quizzlestick.php:271
filter  the_content                         quizzlestick.php:550
Maintenance & Trust

Quizzlestick Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Jan 2, 2019
PHP min version:
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Quizzlestick Developer Profile

interconnectit

4 plugins · 4K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quizzlestick

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/quizzlestick/assets/js/script.js
  • /wp-content/plugins/quizzlestick/assets/css/style.css
Version Parameters
  • quizzlestick/assets/js/script.js?ver=
  • quizzlestick/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • quizzlestick-wrap
  • qs-question
  • qs-answer
  • qs-result-wrap
  • qs-start-button
  • qs-next-button
  • qs-previous-button
  • qs-reset-button
HTML Comments
  • <!-- Quizzlestick Start -->
  • <!-- Quizzlestick End -->
  • <!-- Quizzlestick Question -->
  • <!-- Quizzlestick Answer -->
  • (1 more)
Data Attributes
  • data-quiz-id
  • data-current-question
JS Globals
  • window.Quizzlestick
Shortcode Output
  • <div class="quizzlestick-wrap">
  • <div class="qs-question-area">
  • <div class="qs-answer-area">
  • <div class="qs-result-wrap">
FAQ

Frequently Asked Questions about Quizzlestick