WordPress Plugin Vulnerabilities

ARI Stream Quiz < 1.3.0 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
ari-stream-quiz
Fixed in 1.3.0

References

CVE
CVE-2023-47835
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/edb4f4b7-a59c-454b-82b5-d8e91c1c82a3

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
5a76042c-0926-4b74-840e-8ea46fdcca99

Timeline

Publicly Published
2023-11-16 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-04 (about 2 years ago)

Other

Published
Title
Published
2026-01-06
Title
1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
Published
2022-05-16
Title
FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
Published
2025-09-15
Title
Email Template Customizer for WooCommerce < 1.2.18 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Published
2014-08-01
Title
wpcb 2.4.8 - facture.php id Parameter Reflected XSS
Published
2024-05-16
Title
Essential Blocks < 4.5.13 - Contributor+ Stored XSS