Lucene search

Slickquiz Security Vulnerabilities

cve

CVE-2019-12517

An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress.....

6.1CVSS

6AI Score

0.002EPSS

2019-09-13 01:15 PM

131

cve

CVE-2019-12516

The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id=...

8.8CVSS

9.1AI Score

0.001EPSS

2019-09-13 01:15 PM

124