Make My Trivia Security & Risk Analysis

wordpress.org/plugins/trivialy

Boost sales with Make My Trivia! Engage customers with quizzes, Spin to Win, and more. Incentivize with promo codes and direct links.

10 active installs · v1.1.0 · PHP 8.2+ · WP 5.7+ · Updated Jan 10, 2026
Tags: coupons, education, game, makemytrivia, quiz
Score: 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Mar 1, 2026
Safety Verdict

Is Make My Trivia Safe to Use in 2026?

Mostly Safe

Score 78/100

Make My Trivia is generally safe to use. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Mar 1, 2026 · Updated 4mo ago
Risk Assessment

The "trivialy" plugin v1.1.0 demonstrates a generally strong security posture with several positive indicators. The complete absence of dangerous functions, file operations, and external HTTP requests is commendable. Furthermore, the plugin achieves 100% output escaping, which is a critical security best practice that significantly mitigates cross-site scripting (XSS) vulnerabilities. The robust use of prepared statements for SQL queries (71%) also indicates a good effort to prevent SQL injection. The vulnerability history shows no known CVEs, suggesting a low historical risk profile.

However, a significant concern arises from the attack surface analysis. The plugin exposes 50 REST API routes, with a substantial 19 of these lacking permission callbacks. This means that a considerable portion of the plugin's functionality can be accessed and potentially manipulated by unauthenticated users, creating a significant risk of unauthorized actions or data exposure. While taint analysis shows no specific flows with unsanitized paths, the sheer number of unprotected REST API endpoints represents a broad potential for exploitation if vulnerabilities exist within those endpoints that were not detected by static analysis or taint flow limitations.

In conclusion, "trivialy" v1.1.0 has strong foundations in secure coding practices, particularly in output handling and SQL query preparation. The lack of historical vulnerabilities is also a positive sign. The primary and most pressing weakness is the large number of unprotected REST API routes, which represents a substantial and readily exploitable attack surface. Addressing these unprotected endpoints should be the highest priority for improving the plugin's security.

Key Concerns

  • REST API routes without permission callbacks
Vulnerabilities
1 published

Make My Trivia Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-39706 · medium · 5.3 · Missing Authorization

Make My Trivia <= 1.1.0 - Missing Authorization

Mar 1, 2026 · Unpatched
Version History

Make My Trivia Release Timeline

v1.1.0 · Current · 1 CVE
v1.0.0 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Make My Trivia Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (54 prepared)
Unescaped Output: 0 (257 escaped)
Nonce Checks: 6
Capability Checks: 31
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

71% prepared · 76 total queries

Output Escaping

100% escaped · 257 total outputs
Attack Surface
19 unprotected

Make My Trivia Attack Surface

Entry Points: 50
Unprotected: 19

REST API Routes: 50

GET · /wp-json/custom/v1/all-quizzes-list · api\admin\AllQuizzesApi.php:8
POST · /wp-json/custom/v1/change-status · api\admin\AllQuizzesApi.php:14
POST · /wp-json/custom/v1/bulk-delete-quizzes-list · api\admin\AllQuizzesApi.php:20
POST · /wp-json/custom/v1/delete-quizzes-list/(?P<id>\d+) · api\admin\AllQuizzesApi.php:28
GET · /wp-json/custom/v1/check-live-status · api\admin\CheckingApi.php:10
GET · /wp-json/custom/v1/get-prefix · api\admin\CheckingApi.php:18
GET · /wp-json/custom/v1/dashboard-info · api\admin\DashboardApi.php:5
POST · /wp-json/custom/v1/save-drag-quiz-data · api\admin\DragApi.php:11
GET · /wp-json/custom/v1/get-all-drag-quiz-data · api\admin\DragApi.php:20
GET · /wp-json/custom/v1/get-drag-quiz-data/(?P<id>\d+) · api\admin\DragApi.php:29
DELETE · /wp-json/custom/v1/delete-drag-quiz-data/(?P<id>\d+) · api\admin\DragApi.php:36
POST · /wp-json/custom/v1/update-drag-quiz-data/(?P<id>\d+) · api\admin\DragApi.php:45
POST · /wp-json/custom/v1/bulk-delete-drag-quiz-data · api\admin\DragApi.php:53
POST · /wp-json/custom/v1/save-drag-leaderboard-data · api\admin\DragLeaderboardApi.php:11
GET · /wp-json/custom/v1/get-all-drag-leaderboard-data · api\admin\DragLeaderboardApi.php:18
POST · /wp-json/custom/v1/get-all-drag-leaderboard-sorted-data · api\admin\DragLeaderboardApi.php:27
POST · /wp-json/custom/v1/save-fomo-popup-quiz-data · api\admin\FomoPopupApi.php:11
POST · /wp-json/custom/v1/get-fomo-popup-image-path · api\admin\FomoPopupApi.php:20
GET · /wp-json/custom/v1/get-fomo-popup-quiz-data/(?P<id>\d+) · api\admin\FomoPopupApi.php:27
DELETE · /wp-json/custom/v1/delete-fomo-popup-quiz-data/(?P<id>\d+) · api\admin\FomoPopupApi.php:34
POST · /wp-json/custom/v1/update-fomo-popup-quiz-data/(?P<id>\d+) · api\admin\FomoPopupApi.php:43
GET · /wp-json/custom/v1/get-all-fomo-popup-quiz-data · api\admin\FomoPopupApi.php:52
POST · /wp-json/custom/v1/bulk-delete-fomo-popup-quiz-data · api\admin\FomoPopupApi.php:60
GET · /wp-json/custom/v1/about-data · api\admin\InformationApi.php:176
GET · /wp-json/custom/v1/user-data · api\admin\InformationApi.php:181
POST · /wp-json/custom/v1/save-popup-quiz-data · api\admin\PopupApi.php:11
POST · /wp-json/custom/v1/get-popup-image-path · api\admin\PopupApi.php:20
GET · /wp-json/custom/v1/get-popup-quiz-data/(?P<id>\d+) · api\admin\PopupApi.php:27
DELETE · /wp-json/custom/v1/delete-popup-quiz-data/(?P<id>\d+) · api\admin\PopupApi.php:34
POST · /wp-json/custom/v1/update-popup-quiz-data/(?P<id>\d+) · api\admin\PopupApi.php:43
GET · /wp-json/custom/v1/get-all-popup-quiz-data · api\admin\PopupApi.php:52
POST · /wp-json/custom/v1/bulk-delete-popup-quiz-data · api\admin\PopupApi.php:60
POST · /wp-json/custom/v1/save-quiz-data · api\admin\QuizApi.php:10
GET · /wp-json/custom/v1/get-quiz-data/(?P<id>\d+) · api\admin\QuizApi.php:18
POST · /wp-json/custom/v1/update-quiz-data/(?P<id>\d+) · api\admin\QuizApi.php:24
POST · /wp-json/custom/v1/save-quiz-leaderboard-data · api\admin\QuizLeaderboardApi.php:11
GET · /wp-json/custom/v1/get-all-quiz-leaderboard-data · api\admin\QuizLeaderboardApi.php:18
POST · /wp-json/custom/v1/get-all-quiz-leaderboard-sorted-data · api\admin\QuizLeaderboardApi.php:26
POST · /wp-json/custom/v1/save-scratch-quiz-data · api\admin\ScratchApi.php:11
GET · /wp-json/custom/v1/get-all-scratch-quiz-data · api\admin\ScratchApi.php:20
GET · /wp-json/custom/v1/get-scratch-quiz-data/(?P<id>\d+) · api\admin\ScratchApi.php:29
DELETE · /wp-json/custom/v1/delete-scratch-quiz-data/(?P<id>\d+) · api\admin\ScratchApi.php:36
POST · /wp-json/custom/v1/update-scratch-quiz-data/(?P<id>\d+) · api\admin\ScratchApi.php:46
POST · /wp-json/custom/v1/delete-bulk-scratch-quiz-data · api\admin\ScratchApi.php:54
POST · /wp-json/custom/v1/save-spin-quiz-data · api\admin\SpinApi.php:11
GET · /wp-json/custom/v1/get-all-spin-quiz-data · api\admin\SpinApi.php:20
GET · /wp-json/custom/v1/get-spin-quiz-data/(?P<id>\d+) · api\admin\SpinApi.php:29
DELETE · /wp-json/custom/v1/delete-spin-quiz-data/(?P<id>\d+) · api\admin\SpinApi.php:36
POST · /wp-json/custom/v1/update-spin-quiz-data/(?P<id>\d+) · api\admin\SpinApi.php:45
POST · /wp-json/custom/v1/delete-bulk-spin-quiz-data · api\admin\SpinApi.php:53

WordPress Hooks: 19

action · rest_api_init · api\admin\AllQuizzesApi.php:7
action · rest_api_init · api\admin\CheckingApi.php:9
action · rest_api_init · api\admin\CheckingApi.php:17
action · rest_api_init · api\admin\DashboardApi.php:4
action · rest_api_init · api\admin\DragApi.php:9
action · rest_api_init · api\admin\DragLeaderboardApi.php:9
action · rest_api_init · api\admin\FomoPopupApi.php:9
action · rest_api_init · api\admin\InformationApi.php:175
action · rest_api_init · api\admin\PopupApi.php:9
action · rest_api_init · api\admin\QuizApi.php:9
action · rest_api_init · api\admin\QuizLeaderboardApi.php:9
action · rest_api_init · api\admin\ScratchApi.php:9
action · rest_api_init · api\admin\SpinApi.php:9
action · admin_menu · netro-trivialy.php:51
action · admin_enqueue_scripts · netro-trivialy.php:52
filter · admin_footer_text · netro-trivialy.php:53
filter · update_footer · netro-trivialy.php:54
action · wp_enqueue_scripts · netro-trivialy.php:57
action · wp_footer · netro-trivialy.php:58
Maintenance & Trust

Make My Trivia Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 10, 2026
PHP min version: 8.2
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 10
Developer Profile

Make My Trivia Developer Profile

Netro Systems

2 plugins · 10 total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Make My Trivia

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trivialy/dist/assets/
/wp-content/plugins/trivialy/src/assets/stat-images/
Script Paths
/wp-content/plugins/trivialy/dist/assets/
Version Parameters
trivialy/dist/assets/

HTML / DOM Fingerprints

CSS Classes
custom-wpcontent
custom-wrap
JS Globals
wpApiSettings
REST Endpoints
/wp-json/trivialy/