WordPress Plugin Vulnerabilities

Quiz And Survey Master < 4.7.9 - Stored Cross-Site Scripting (XSS) & CSRF

Description

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) & CSRF security vulnerability.

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 4.7.9

References

CVE
CVE-2016-11085
URL
https://advisories.dxw.com/advisories/csrfstored-xss-in-quiz-and-survey-master-formerly-quiz-master-next-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
URL
https://seclists.org/fulldisclosure/2016/Dec/63

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7de8e369-f0fe-406b-aa12-094daa2377b9

Timeline

Publicly Published
2016-12-15 (about 9 years ago)
Added
2016-12-15 (about 9 years ago)
Last Updated
2020-08-18 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
WP Cycle Playlist - Multiple Vulnerabilities
Published
2014-09-17
Title
Google Maps Ready! 1.1.5 - CSRF & XSS
Published
2019-06-08
Title
Breadcrumbs by menu < 1.0.3 - Multiple Issues
Published
2014-08-01
Title
Flash News - Multiple Vulnerabilities
Published
2019-06-19
Title
Shortlinks by Pretty Links <= 2.1.9 - Stored XSS and CSV Injection