WordPress Plugin Vulnerabilities

ARI Stream Quiz < 1.3.0 - Cross-Site Request Forgery

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
ari-stream-quiz
Fixed in 1.3.0

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b758c8a7-6220-4b54-af88-7933a530b5ba

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
14a51673-a4db-4e05-8211-a61a1b551f23

Timeline

Publicly Published
2023-11-21 (about 2 years ago)
Added
2024-01-24 (about 2 years ago)
Last Updated
2024-01-24 (about 2 years ago)

Other

Published
Title
Published
2016-03-17
Title
Bulletproof Security <= .53.2 - Multiple Cross Site Scripting Vulnerabilities
Published
2021-06-21
Title
Simple Sort&Search <= 0.0.3 - Ccontributor+ Stored XSS
Published
2025-03-03
Title
Structured Content (JSON-LD) #wpsc < 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode
Published
2021-01-20
Title
Advanced Custom Field Pro < 5.9.1 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2017-12-05
Title
Smart Marketing SMS and Newsletters Forms < 2.0.0 - Unauthenticated Cross-Site Scripting (XSS)