Quiz And Survey Master < 8.1.11 – Contributor+ Stored XSS | CVE 2023-3575 | Plugin Vulnerabilities

Description

The plugin does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a Contributor, create or edit a Quiz with the default theme and put the following payload in a question title: Q1<a<a> href="javascript&colon;alert(/XSS/)">Click Me!

The XSS will be triggered after a user submit the related Quiz embed in a page/post and click on the "Click Me!" link

Affects Plugins

quiz-master-next

Fixed in 8.1.11

References

CVE

URL

https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Andreas Damen

Submitter

Andreas Damen

Verified

Yes

WPVDB ID

6f884688-2c0d-4844-bd31-ef7085edf112

Timeline

Publicly Published

2023-07-17 (about 9 months ago)

Added

2023-07-17 (about 9 months ago)

Last Updated

2023-08-01 (about 9 months ago)

Other

Published

Title

Published

2021-07-19

Title

Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS

Published

2022-11-23

Title

Image Map Pro < 5.6.9 - Cross-Site Scripting

Published

2020-08-13

Title

Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2023-06-22

Title

WPBakery Page Builder < 6.13.0 - Contributor+ Stored XSS

Published

2024-04-22

Title

Royal Elementor Addons and Templates < 1.3.972 - Contributor+ Stored Cross-Site Scripting via Advanced Accordion Title Tags