84 matches found
PT-2023-31937 · WordPress · Ari Stream Quiz – Wordpress Quizzes Builder
Name of the Vulnerable Software and Affected Versions: ARI Stream Quiz – WordPress Quizzes Builder versions 1.3.0 and earlier Description: The issue is related to the deserialization of untrusted data in ARI Stream Quiz – WordPress Quizzes Builder. This can potentially lead to security risks. No...
CVE-2023-47835
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin = 1.2.32 versions...
CVE-2023-47835 WordPress ARI Stream Quiz Plugin <= 1.2.32 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin = 1.2.32 versions...
CVE-2023-47835
CVE-2023-47835 — ARI Stream Quiz (WordPress)
CVE-2022-4218
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...
PT-2022-26300 · WordPress · Chained Quiz
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the list quizzes function. This allows unauthenticated attackers to...
CVE-2022-27854 WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via &wpttestpagesubmitbuttoncaption parameter...
CVE-2022-27854
The CVE-2022-27854 entry documents an authenticated Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s WordPress plugin “Psychological tests & quizzes” (versions
CVE-2021-36867 WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher user rights...
CVE-2021-36867
Summary of CVE-2021-36867 (WordPress plugin: Psychological tests & quizzes
WordPress plugin Psychological tests & quizzes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Psychological tests...
WordPress plugin Psychological tests & quizzes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Psychological tests & quizzes plugin versions = 0.21.19. Solution No patched version is available...
WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Psychological tests & quizzes plugin versions = 0.21.19. Solution No patched version...
CVE-2021-43129
A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz...
WordPress "WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto" plugin < 5.3.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress "WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto" plugin versions 5.3.2. Solution Update the WordPress "WordPress form builder plugin for contact forms, surveys and...
Cross site scripting
The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site request forgery (csrf)
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...
WordPress Qwiz Online Quizzes And Flashcards Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in WordPress Qwiz Online Quizzes And Flashcards...
Qwiz Online Quizzes And Flashcards <= 3.36 - Unauthenticated Reflected Cross Site Scripting
The qname, iqwiz, sessionid and username parameters passed to the registrationcomplete.php file are affected by XSS issues. Plugin has been closed while the issue is being fixed. /wp-content/plugins/qwiz-online-quizzes-and-flashcards/registrationcomplete.php?&qname=alert"XSS"...