10 matches found
WordPress plugin HD Quiz security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2021-11483
Malware in sbrugna...
CVE-2021-24571
The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues...
CVE-2024-13383
The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13383
The CVE-2024-13383 entry concerns the WordPress HD Quiz plugin (pre-2.0.0). The root cause is lack of proper sanitisation/escaping of certain plugin settings, which can allow Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e...
CVE-2024-13383 HD Quiz < 2.0.0 - Editor+ Stored XSS
The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2025-21455 · WordPress · Hd Quiz
Name of the Vulnerable Software and Affected Versions: HD Quiz WordPress plugin version prior to 2.0.0 Description: The issue concerns the HD Quiz WordPress plugin, where versions prior to 2.0.0 do not properly sanitise and escape some of its settings. This could allow high privilege users, such ...
CVE-2024-22161 WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11...
WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS)
Software HD Quiz Type Plugin Vulnerable versions = 1.8.11 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22161 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b20e08ed859a Credits MyungJu Kim Required privilege Administrator...
WordPress HD Quiz plugin <= 1.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress HD Quiz plugin versions = 1.8.3. Solution Update the WordPress HD Quiz plugin to the latest available version at least 1.8.4...