WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the Quiz Url Slug setting: "><script>alert(/XSS/)</script>

Create a quiz and publish it. The XSS will be triggered when editing the Quizz (ie wp-admin/admin.php?page=mlw_quiz_options&quiz_id=4), or accessing the Quizzes/Surveys page (/wp-admin/admin.php?page=mlw_quiz_list)

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.3.2

References

CVE
CVE-2021-24691

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Shivam Rai
Submitter
Shivam Rai
Submitter twitter
shivam24rai
Verified
Yes
WPVDB ID
ecf6a082-b563-42c4-9d8c-3757aa6b696f

Timeline

Publicly Published
2021-09-13 (about 2 years ago)
Added
2021-09-13 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2023-01-04
Title
Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode
Published
2024-04-25
Title
ColorNews < 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-05-16
Title
Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
Published
2021-01-18
Title
WP Shieldon < 1.6.4 - Unauthenticated Cross-Site Scripting (XSS)
Published
2019-06-22
Title
Photospace Responsive < 1.1.8 - Authenticated XSS