harmonic_design CVE debriefs

CVE-2026-13422

The HD Quiz plugin for WordPress, versions 2.2.0 to 2.2.1, is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability stems from missing or incorrect nonce validation in the hdq_validate_nonce function. Successful exploitation allows unauthenticated attackers to delete or modify quizzes and questions, create new quizzes, and change plugin settings by tricking site administrators into performin [truncated]