Wp-Adv-Quiz < 1.0.3 – Admin+ Stored XSS | CVE 2023-5943 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Proof of Concept

1. Add a new quiz.
2. Under the created quiz, click on "Questions".
3. Add a question and enter a payload like "<script>alert(1)</script>" for the question and message fields.
4. Save and see the XSS on the frontend of the site when the shortcode is added.

Affects Plugins

Fixed in 1.0.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Rafael Aristodimou

Submitter

Rafael Aristodimou

Verified

Yes

WPVDB ID

18fbe9d5-4829-450b-988c-8ba4becd032a

Timeline

Publicly Published

2024-01-03 (about 4 months ago)

Added

2024-01-03 (about 4 months ago)

Last Updated

2024-01-17 (about 3 months ago)

Other

Published

Title

Published

2024-03-18

Title

Tourfic < 2.11.8 - Reflected Cross-Site Scripting

Published

2023-01-03

Title

Members Import <= 1.4.2 - XSS via Imported CSV

Published

2024-02-26

Title

Configure SMTP <= 3.1 - Reflected Cross-Site Scripting

Published

2021-06-21

Title

Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS