Make My Trivia Security & Risk Analysis

wordpress.org/plugins/trivialy

Boost sales with Make My Trivia! Engage customers with quizzes, Spin to Win, and more. Incentivize with promo codes and direct links.

100 active installs · v1.1.0 · PHP 8.2+ · WP 5.7+ · Updated Jan 10, 2026
coupons, education, game, makemytrivia, quiz
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Make My Trivia Safe to Use in 2026?

Generally Safe

Score 100/100

Make My Trivia has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "trivialy" plugin v1.1.0 demonstrates a generally strong security posture with several positive indicators. The complete absence of dangerous functions, file operations, and external HTTP requests is commendable. Furthermore, the plugin achieves 100% output escaping, which is a critical security best practice that significantly mitigates cross-site scripting (XSS) vulnerabilities. The robust use of prepared statements for SQL queries (71%) also indicates a good effort to prevent SQL injection. The vulnerability history shows no known CVEs, suggesting a low historical risk profile.

However, a significant concern arises from the attack surface analysis. The plugin exposes 50 REST API routes, and 19 of these lack permission callbacks. This means that a considerable portion of the plugin's functionality can be accessed and potentially manipulated by unauthenticated users, creating a significant risk of unauthorized actions or data exposure. While taint analysis shows no specific flows with unsanitized paths, the sheer number of unprotected REST API endpoints represents a broad potential for exploitation if those endpoints contain vulnerabilities that static analysis and taint tracking did not detect.

In conclusion, "trivialy" v1.1.0 has strong foundations in secure coding practices, particularly in output handling and SQL query preparation. The lack of historical vulnerabilities is also a positive sign. The primary and most pressing weakness is the large number of unprotected REST API routes, which represents a substantial and readily exploitable attack surface. Addressing these unprotected endpoints should be the highest priority for improving the plugin's security.

Key Concerns

  • REST API routes without permission callbacks
Vulnerabilities
None known

Make My Trivia Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Make My Trivia Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (54 prepared)
Unescaped Output: 0 (257 escaped)
Nonce Checks: 6
Capability Checks: 31
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

71% prepared · 76 total queries

Output Escaping

100% escaped · 257 total outputs
Attack Surface
19 unprotected

Make My Trivia Attack Surface

Entry Points: 50
Unprotected: 19

REST API Routes: 50

GET /wp-json/custom/v1/all-quizzes-list · api\admin\AllQuizzesApi.php:8
POST /wp-json/custom/v1/change-status · api\admin\AllQuizzesApi.php:14
POST /wp-json/custom/v1/bulk-delete-quizzes-list · api\admin\AllQuizzesApi.php:20
POST /wp-json/custom/v1/delete-quizzes-list/(?P<id>\d+) · api\admin\AllQuizzesApi.php:28
GET /wp-json/custom/v1/check-live-status · api\admin\CheckingApi.php:10
GET /wp-json/custom/v1/get-prefix · api\admin\CheckingApi.php:18
GET /wp-json/custom/v1/dashboard-info · api\admin\DashboardApi.php:5
POST /wp-json/custom/v1/save-drag-quiz-data · api\admin\DragApi.php:11
GET /wp-json/custom/v1/get-all-drag-quiz-data · api\admin\DragApi.php:20
GET /wp-json/custom/v1/get-drag-quiz-data/(?P<id>\d+) · api\admin\DragApi.php:29
DELETE /wp-json/custom/v1/delete-drag-quiz-data/(?P<id>\d+) · api\admin\DragApi.php:36
POST /wp-json/custom/v1/update-drag-quiz-data/(?P<id>\d+) · api\admin\DragApi.php:45
POST /wp-json/custom/v1/bulk-delete-drag-quiz-data · api\admin\DragApi.php:53
POST /wp-json/custom/v1/save-drag-leaderboard-data · api\admin\DragLeaderboardApi.php:11
GET /wp-json/custom/v1/get-all-drag-leaderboard-data · api\admin\DragLeaderboardApi.php:18
POST /wp-json/custom/v1/get-all-drag-leaderboard-sorted-data · api\admin\DragLeaderboardApi.php:27
POST /wp-json/custom/v1/save-fomo-popup-quiz-data · api\admin\FomoPopupApi.php:11
POST /wp-json/custom/v1/get-fomo-popup-image-path · api\admin\FomoPopupApi.php:20
GET /wp-json/custom/v1/get-fomo-popup-quiz-data/(?P<id>\d+) · api\admin\FomoPopupApi.php:27
DELETE /wp-json/custom/v1/delete-fomo-popup-quiz-data/(?P<id>\d+) · api\admin\FomoPopupApi.php:34
POST /wp-json/custom/v1/update-fomo-popup-quiz-data/(?P<id>\d+) · api\admin\FomoPopupApi.php:43
GET /wp-json/custom/v1/get-all-fomo-popup-quiz-data · api\admin\FomoPopupApi.php:52
POST /wp-json/custom/v1/bulk-delete-fomo-popup-quiz-data · api\admin\FomoPopupApi.php:60
GET /wp-json/custom/v1/about-data · api\admin\InformationApi.php:176
GET /wp-json/custom/v1/user-data · api\admin\InformationApi.php:181
POST /wp-json/custom/v1/save-popup-quiz-data · api\admin\PopupApi.php:11
POST /wp-json/custom/v1/get-popup-image-path · api\admin\PopupApi.php:20
GET /wp-json/custom/v1/get-popup-quiz-data/(?P<id>\d+) · api\admin\PopupApi.php:27
DELETE /wp-json/custom/v1/delete-popup-quiz-data/(?P<id>\d+) · api\admin\PopupApi.php:34
POST /wp-json/custom/v1/update-popup-quiz-data/(?P<id>\d+) · api\admin\PopupApi.php:43
GET /wp-json/custom/v1/get-all-popup-quiz-data · api\admin\PopupApi.php:52
POST /wp-json/custom/v1/bulk-delete-popup-quiz-data · api\admin\PopupApi.php:60
POST /wp-json/custom/v1/save-quiz-data · api\admin\QuizApi.php:10
GET /wp-json/custom/v1/get-quiz-data/(?P<id>\d+) · api\admin\QuizApi.php:18
POST /wp-json/custom/v1/update-quiz-data/(?P<id>\d+) · api\admin\QuizApi.php:24
POST /wp-json/custom/v1/save-quiz-leaderboard-data · api\admin\QuizLeaderboardApi.php:11
GET /wp-json/custom/v1/get-all-quiz-leaderboard-data · api\admin\QuizLeaderboardApi.php:18
POST /wp-json/custom/v1/get-all-quiz-leaderboard-sorted-data · api\admin\QuizLeaderboardApi.php:26
POST /wp-json/custom/v1/save-scratch-quiz-data · api\admin\ScratchApi.php:11
GET /wp-json/custom/v1/get-all-scratch-quiz-data · api\admin\ScratchApi.php:20
GET /wp-json/custom/v1/get-scratch-quiz-data/(?P<id>\d+) · api\admin\ScratchApi.php:29
DELETE /wp-json/custom/v1/delete-scratch-quiz-data/(?P<id>\d+) · api\admin\ScratchApi.php:36
POST /wp-json/custom/v1/update-scratch-quiz-data/(?P<id>\d+) · api\admin\ScratchApi.php:46
POST /wp-json/custom/v1/delete-bulk-scratch-quiz-data · api\admin\ScratchApi.php:54
POST /wp-json/custom/v1/save-spin-quiz-data · api\admin\SpinApi.php:11
GET /wp-json/custom/v1/get-all-spin-quiz-data · api\admin\SpinApi.php:20
GET /wp-json/custom/v1/get-spin-quiz-data/(?P<id>\d+) · api\admin\SpinApi.php:29
DELETE /wp-json/custom/v1/delete-spin-quiz-data/(?P<id>\d+) · api\admin\SpinApi.php:36
POST /wp-json/custom/v1/update-spin-quiz-data/(?P<id>\d+) · api\admin\SpinApi.php:45
POST /wp-json/custom/v1/delete-bulk-spin-quiz-data · api\admin\SpinApi.php:53

WordPress Hooks: 19

action rest_api_init · api\admin\AllQuizzesApi.php:7
action rest_api_init · api\admin\CheckingApi.php:9
action rest_api_init · api\admin\CheckingApi.php:17
action rest_api_init · api\admin\DashboardApi.php:4
action rest_api_init · api\admin\DragApi.php:9
action rest_api_init · api\admin\DragLeaderboardApi.php:9
action rest_api_init · api\admin\FomoPopupApi.php:9
action rest_api_init · api\admin\InformationApi.php:175
action rest_api_init · api\admin\PopupApi.php:9
action rest_api_init · api\admin\QuizApi.php:9
action rest_api_init · api\admin\QuizLeaderboardApi.php:9
action rest_api_init · api\admin\ScratchApi.php:9
action rest_api_init · api\admin\SpinApi.php:9
action admin_menu · netro-trivialy.php:51
action admin_enqueue_scripts · netro-trivialy.php:52
filter admin_footer_text · netro-trivialy.php:53
filter update_footer · netro-trivialy.php:54
action wp_enqueue_scripts · netro-trivialy.php:57
action wp_footer · netro-trivialy.php:58
Maintenance & Trust

Make My Trivia Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 10, 2026
PHP min version: 8.2
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 100
Developer Profile

Make My Trivia Developer Profile

Netro Systems

2 plugins · 100 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Make My Trivia

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trivialy/dist/assets/
/wp-content/plugins/trivialy/src/assets/stat-images/
Script Paths
/wp-content/plugins/trivialy/dist/assets/
Version Parameters
trivialy/dist/assets/

HTML / DOM Fingerprints

CSS Classes
custom-wpcontent
custom-wrap
JS Globals
wpApiSettings
REST Endpoints
/wp-json/trivialy/