WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)

The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matcher...

EUVD-2021-11618

Malware in sbrugna...

EUVD-2025-22421

Malicious code in bioql PyPI...

CVE-2025-6174

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...

WordPress Qwizcards plugin cross-site scripting vulnerability

WordPress Qwizcards plugin is a plugin for the WordPress platform that is mainly used to create online quiz question and answer test and flashcard flashcard content. WordPress Qwizcards plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

WordPress WordPress Qwizcards plugin < 3.95 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Qwizcards versions 3.95...

CVE-2025-6174

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...

CVE-2025-6174

CVE-2025-6174: WordPress Qwizcards plugin up to version 3.9.4/3.95 suffers reflected XSS due to inadequate sanitization/escaping of input parameters (“_stylesheet” or “theme_stylesheet”) before output, enabling script execution in the context of high-privilege users. Affected product: Qwizcards W...

CVE-2025-6174 WordPress Qwizcards <= 3.9.4 - Reflected XSS

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...

PT-2025-30544 · WordPress · Qwizcards

Name of the Vulnerable Software and Affected Versions: Qwizcards | online quizzes and flashcards WordPress plugin versions through 3.9.4 Description: The WordPress plugin does not properly sanitize and escape the stylesheet parameter before outputting it, leading to a Reflected Cross-Site Scripti...

WordPress plugin Qwizcards 安全漏洞

WordPress Qwizcards plugin is a plugin for the WordPress platform that is mainly used to create online quiz question and answer test and flashcard flashcard content. WordPress Qwizcards plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

CVE-2021-24706

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24706

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24706

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Cross site scripting

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24706

The vulnerability CVE-2021-24706 affects the WordPress Qwizcards plugin (versions before 3.62). Root cause: inadequate sanitization/escaping of certain settings, allowing stored XSS by high-privilege admins even when unfiltered_html is disabled. Impact: stored Cross-Site Scripting with potential ...

CVE-2021-24706 Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Within Settings Qwizcards Qwizcardsa Option, put the following payload in the Qwizcards-content HTML...

Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Within Settings Qwizcards Qwizcardsa Option, put the following payload in the Qwizcards-content...