Quiz Maker < 6.4.9.5 – Reflected Cross-Site Scripting | CVE 2023-6166

Affects Plugins

quiz-maker

Fixed in 6.4.9.5

References

CVE

CVE-2023-6166

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

Alex Sanford

Submitter

Alex Sanford

Submitter website

https://wpscan.com

Verified

Yes

WPVDB ID

e6155d9b-f6bb-4607-ad64-1976a8afe907

Timeline

Publicly Published

2023-11-30 (about 2 years ago)

Added

2023-11-30 (about 2 years ago)

Last Updated

2023-11-30 (about 2 years ago)

Other

Published

Title

Published

2023-02-28

Title

Advanced Text Widget <= 2.1.2 - Admin+ Stored XSS

Published

2024-04-05

Title

Formsite | Embed online forms to collect orders, registrations, leads, and surveys < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-07-16

Title

Image Wall < 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-24

Title

Quotes llama < 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-14

Title

WP Smart TV < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting