2 matches found
CVE-2022-2410
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2410
CVE-2022-2410 affects the WordPress mTouch Quiz plugin up to version 3.1.3. The issue is due to insufficient sanitization/escaping of certain settings, enabling Stored XSS when unfiltered_html is disallowed (e.g., multisite). Affected component: plugin settings handling; root cause: lack of input...