Wp-Adv-Quiz <= 1.0.4 – Admin+ Stored XSS in Quiz Overview | CVE 2023-5956 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. Under "WP Adv Quiz -> WP Adv Quiz" click "add quiz".
2. For the title, enter: '"><script>alert(1999)</script>'.
3. Save the quiz.
4. Navigate back to "WP Adv Quiz -> WP Adv Quiz" and see the XSS.

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

b3d1fbae-88c9-45d1-92c6-0a529b21e3b2

Timeline

Publicly Published

2024-01-03 (about 4 months ago)

Added

2024-01-03 (about 4 months ago)

Last Updated

2024-03-22 (about 1 months ago)

Other

Published

Title

Published

2023-11-06

Title

POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting

Published

2019-11-08

Title

Safe SVG < 1.9.6 - XSS Protection Bypass

Published

2022-02-17

Title

Profile Builder < 3.6.2 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

2-Click-Socialmedia-Buttons < 0.35 - Cross Site Scripting

Published

2024-04-12

Title

WP Google Analytics Events < 2.8.1 - Reflected Cross-Site Scripting