WordPress Plugin Vulnerabilities

Chained Quiz < 1.3.2.3 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the dn parameter before outputting it back in the chainedquiz_list page, leading to a Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
chained-quiz
Fixed in 1.3.2.3

References

CVE
CVE-2022-4213

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Muhammad Zeeshan (Xib3rR4dAr)
Verified
No
WPVDB ID
b589b417-a675-48c0-9738-d434c1f2ad7c

Timeline

Publicly Published
2022-12-02 (about 3 years ago)
Added
2022-12-03 (about 3 years ago)
Last Updated
2022-12-03 (about 3 years ago)

Other

Published
Title
Published
2025-04-02
Title
MediaView < 1.1.3 - Reflected Cross-Site Scripting
Published
2015-08-20
Title
Alpine PhotoTile for Instagram <= 1.2.7.5 - Authenticated Cross-Site Scripting (XSS)
Published
2026-03-10
Title
weForms < 1.6.28 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API
Published
2023-10-18
Title
WP Simple HTML Sitemap < 2.6 - Contributor+ Stored XSS
Published
2023-11-06
Title
Bookly < 22.5 - Admin+ Stored XSS