2 matches found
CVE-2022-4210 Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2022-4210
CVE-2022-4210: The WordPress plugin Chained Quiz is vulnerable to Reflected Cross-Site Scripting via the dnf parameter on the chainedquiz_list page, affecting versions up to and including 1.3.2. The root cause is insufficient input sanitization and output escaping. Unauthenticated attackers could...