Jul 12, 2024 - 6:00 a.m.

CVE-2024-2640 Watu Quiz < 3.4.1.2 - Author+ Stored XSS

2024-07-12 06:00:05
WPScan
www.cve.org
Tags: cve-2024-2640, watu quiz, wordpress, stored xss, cross-site scripting

EPSS: 0

Percentile: 14.5%

The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they’ve been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Watu Quiz",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.4.1.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
