WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.3.5 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.3.5

References

CVE
CVE-2021-36905

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Verified
No
WPVDB ID
f8ac6341-fe07-464b-9bcd-da3fa2a27c88

Timeline

Publicly Published
2022-10-21 (about 3 years ago)
Added
2022-11-18 (about 3 years ago)
Last Updated
2022-11-18 (about 3 years ago)

Other

Published
Title
Published
2024-03-25
Title
Super Socializer < 7.13.64 - Editor+ Stored XSS
Published
2025-10-10
Title
Draft List < 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-04-20
Title
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
Published
2024-06-17
Title
WP Job Portal < 2.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2023-05-12
Title
WeebotLite <= 1.0.0 - Admin+ Stored XSS