WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.3.11 - Subscriber+ XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.3.11

References

CVE
CVE-2022-40698

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Thura Moe Myint
Verified
No
WPVDB ID
8caff9df-9365-4511-98a6-714c4f67bfdd

Timeline

Publicly Published
2022-10-21 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2024-12-19
Title
Kintpv Wooconnect < 8.141 - Unauthenticated Stored Cross-Site Scripting
Published
2022-12-23
Title
Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode
Published
2024-03-25
Title
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-12-17
Title
Leads CRM <= 2.0.13 - Reflected Cross-Site Scripting
Published
2015-07-07
Title
Floating Social Bar < 1.1.7 - Cross-Site Scripting (XSS)