Qwizcards | online quizzes and flashcards Security & Risk Analysis

wordpress.org/plugins/qwiz-online-quizzes-and-flashcards

Create quizzes and flashcard decks using an interactive WYSIWYG editor; record scores

200 active installs · v4.00 · PHP + · WP + · Updated Dec 27, 2025
Tags: flashcards, interactive-quiz, labeled-diagrams, quiz
97
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jul 2, 2025
Safety Verdict

Is Qwizcards | online quizzes and flashcards Safe to Use in 2026?

Generally Safe

Score 97/100

Qwizcards | online quizzes and flashcards has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jul 2, 2025 · Updated 3mo ago
Risk Assessment

The "qwiz-online-quizzes-and-flashcards" plugin v4.00 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and output escaping, significant concerns arise from its attack surface and lack of comprehensive authorization checks. The presence of 22 unprotected AJAX handlers presents a substantial risk, as attackers could potentially trigger unintended actions or exfiltrate data through these entry points. Although taint analysis did not reveal critical or high-severity issues, the single unsanitized path flow warrants attention, as it could become a vector for vulnerabilities.

The plugin's vulnerability history shows a pattern of medium-severity Cross-Site Scripting (XSS) vulnerabilities, with the last recorded incident in July 2025. The fact that these are currently unpatched, even if only of medium severity, is a concern, implying potential ongoing risks. The plugin's strengths lie in its modern approach to SQL queries and robust output escaping, which mitigate common web vulnerabilities. However, the sheer number of unprotected AJAX endpoints significantly outweighs these strengths, demanding immediate remediation to secure the plugin effectively.

Key Concerns

  • 22 unprotected AJAX handlers
  • 0 Nonce checks
  • 1 unsanitized path flow
  • 3 medium severity CVEs (historically)
  • Dangerous function: preg_replace(/e)
Vulnerabilities
3

Qwizcards | online quizzes and flashcards Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2021: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-6174 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WordPress Qwizcards <= 3.94 - Reflected Cross-Site Scripting
Jul 2, 2025 · Patched in 3.95 (55d)

CVE-2021-24706 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Qwizcards <= 3.61 - Stored Cross-Site Scripting
Oct 11, 2021 · Patched in 3.62 (834d)

WF-f7350dc3-82a0-4f61-9ff8-4b622108fa06-qwiz-online-quizzes-and-flashcards · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Qwiz Online Quizzes and Flashcards < 3.37 - Reflected Cross Site Scripting
Sep 7, 2019 · Patched in 3.37 (1599d)

Code Analysis
Analyzed Mar 16, 2026

Qwizcards | online quizzes and flashcards Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (19 prepared)
Unescaped Output: 1 (54 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 8
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

preg_replace(/e) · preg_replace ('/\[embed.*?\[\/e · qwizcards-plugin.php:487

Bundled Libraries

TinyMCE, Select2

SQL Query Safety

100% prepared · 19 total queries

Output Escaping

98% escaped · 55 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
<browse_dataset_questions> (browse_dataset_questions.php:0)
Attack Surface
22 unprotected

Qwizcards | online quizzes and flashcards Attack Surface

Entry Points: 26
Unprotected: 22

AJAX Handlers 22

auth · wp_ajax_get_dataset_questions · qwizcards-plugin.php:913
nopriv · wp_ajax_get_dataset_questions · qwizcards-plugin.php:914
auth · wp_ajax_process_embeds · qwizcards-plugin.php:915
nopriv · wp_ajax_process_embeds · qwizcards-plugin.php:916
auth · wp_ajax_erase_update_msg · qwizcards-plugin.php:917
nopriv · wp_ajax_erase_update_msg · qwizcards-plugin.php:918
auth · wp_ajax_qjax · qwizcards-plugin.php:919
nopriv · wp_ajax_qjax · qwizcards-plugin.php:920
auth · wp_ajax_browse_dataset_questions · qwizcards-plugin.php:921
nopriv · wp_ajax_browse_dataset_questions · qwizcards-plugin.php:922
auth · wp_ajax_get_qwiz_button_css · qwizcards-plugin.php:923
nopriv · wp_ajax_get_qwiz_button_css · qwizcards-plugin.php:924
auth · wp_ajax_generate_custom_feedback · qwizcards-plugin.php:925
nopriv · wp_ajax_generate_custom_feedback · qwizcards-plugin.php:926
auth · wp_ajax_generate_help_response · qwizcards-plugin.php:928
nopriv · wp_ajax_generate_help_response · qwizcards-plugin.php:929
auth · wp_ajax_textentry_suggestions · qwizcards-plugin.php:1551
nopriv · wp_ajax_textentry_suggestions · qwizcards-plugin.php:1552
auth · wp_ajax_qwiz_save_dataset_json · qwizcards-plugin.php:1959
nopriv · wp_ajax_qwiz_save_dataset_json · qwizcards-plugin.php:1960
auth · wp_ajax_qwiz_get_dataset_questions_feedback · qwizcards-plugin.php:2006
nopriv · wp_ajax_qwiz_get_dataset_questions_feedback · qwizcards-plugin.php:2007

Shortcodes 4

[qlatex] qwizcards-plugin.php:2293
[qlatexinline] qwizcards-plugin.php:2294
[qperiodic_table] qwizcards-plugin.php:2322
[qpopup] qwizcards-plugin.php:2339

WordPress Hooks 17

filter · mce_buttons_2 · qwizcards-plugin.php:303
filter · mce_external_plugins · qwizcards-plugin.php:304
action · wp_enqueue_scripts · qwizcards-plugin.php:881
action · admin_enqueue_scripts · qwizcards-plugin.php:882
filter · script_loader_tag · qwizcards-plugin.php:893
action · admin_init · qwizcards-plugin.php:905
action · admin_init · qwizcards-plugin.php:911
filter · tiny_mce_before_init · qwizcards-plugin.php:966
action · admin_bar_menu · qwizcards-plugin.php:1030
filter · the_content · qwizcards-plugin.php:1550
action · plugins_loaded · qwizcards-plugin.php:1695
action · plugins_loaded · qwizcards-plugin.php:1804
action · plugins_loaded · qwizcards-plugin.php:1811
filter · wp_insert_post_data · qwizcards-plugin.php:2155
action · admin_enqueue_scripts · qwiz_admin.php:36
action · admin_menu · qwiz_admin.php:803
action · admin_init · qwiz_admin.php:804
Maintenance & Trust

Qwizcards | online quizzes and flashcards Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 27, 2025
PHP min version
Downloads: 68K

Community Trust

Rating: 100/100
Number of ratings: 11
Active installs: 200
Developer Profile

Qwizcards | online quizzes and flashcards Developer Profile

Dan Kirshner

1 plugin · 200 total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 829 days
Detection Fingerprints

How We Detect Qwizcards | online quizzes and flashcards

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qwiz-online-quizzes-and-flashcards/qwizzled_edit_area.css
/wp-content/plugins/qwiz-online-quizzes-and-flashcards/jquery-ui.min.lightness.css

HTML / DOM Fingerprints

Data Attributes
data-qwiz_version
JS Globals
qwiz_params, qwiz_T
FAQ

Frequently Asked Questions about Qwizcards | online quizzes and flashcards