Quiz And Survey Master < 8.1.11 – Contributor+ Stored XSS | CVE 2023-3575 | Plugin Vulnerabilities

Description

The plugin does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a Contributor, create or edit a Quiz with the default theme and put the following payload in a question title: Q1<a<a> href="javascript&colon;alert(/XSS/)">Click Me!

The XSS will be triggered after a user submit the related Quiz embed in a page/post and click on the "Click Me!" link

Affects Plugins

quiz-master-next

Fixed in 8.1.11

References

CVE

URL

https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Andreas Damen

Submitter

Andreas Damen

Verified

Yes

WPVDB ID

6f884688-2c0d-4844-bd31-ef7085edf112

Timeline

Publicly Published

2023-07-17 (about 2 years ago)

Added

2023-07-17 (about 2 years ago)

Last Updated

2023-08-01 (about 2 years ago)

Other

Published

Title

Published

2023-09-25

Title

Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

Published

2014-08-01

Title

SimpleMail 1.0.6 - Stored XSS

Published

2023-11-07

Title

Solid Central < 3.0.1 - Stored Cross-Site Scripting via packages

Published

2023-02-13

Title

Simple Yearly Archive < 2.1.9 - Admin+ Stored XSS

Published

2024-10-30

Title

Jigoshop – Store Exporter <= 1.5.8 - Reflected Cross-Site Scripting