WordPress Plugin Vulnerabilities
Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting
Description
The plugin does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Proof of Concept
Put the following payload in the Quiz Url Slug setting: "><script>alert(/XSS/)</script> Create a quiz and publish it. The XSS will be triggered when editing the Quizz (ie wp-admin/admin.php?page=mlw_quiz_options&quiz_id=4), or accessing the Quizzes/Surveys page (/wp-admin/admin.php?page=mlw_quiz_list)
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Shivam Rai
Submitter
Shivam Rai
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-09-13 (about 2 years ago)
Added
2021-09-13 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)