4 matches found
WordPress Wp-Adv-Quiz Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Wp-Adv-Quiz Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bf0336ffbf73 Credits Bob Matyas Required privilege...
CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5956
CVE-2023-5956 affects the WordPress plugin Wp-Adv-Quiz (versions up to 1.0.2; some sources indicate
CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...