WordPress Plugin Vulnerabilities

Chained Quiz < 1.3.2.4 - Multiple Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the ip and date parameters before outputting them back in the chainedquiz_list page, which could lead to reflected Cross-Site Scripting

Affects Plugins

Plugin icon
chained-quiz
Fixed in 1.3.2.4

References

CVE
CVE-2022-4214
CVE
CVE-2022-4215

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Muhammad Zeeshan (Xib3rR4dAr)
Verified
No
WPVDB ID
b040df63-6c2a-49c7-b416-e0f6ebb775a9

Timeline

Publicly Published
2022-12-02 (about 3 years ago)
Added
2022-12-03 (about 3 years ago)
Last Updated
2022-12-03 (about 3 years ago)

Other

Published
Title
Published
2025-04-10
Title
Coming Soon Countdown <= 2.2 - Reflected Cross-Site Scripting
Published
2021-03-24
Title
MapifyLite & MapifyPro < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2024-01-17
Title
Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting via Image URl
Published
2023-11-03
Title
Medialist < 1.4.1 - Contributor+ Stored XSS
Published
2025-03-31
Title
Twice Commerce < 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting