2 matches found
CVE-2024-0873
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-0873
CVE-2024-0873: Watu Quiz (WordPress) is vulnerable to Stored Cross-Site Scripting via the watu-basic-chart shortcode on versions up to 3.4.1. Authenticated users with contributor+ privileges can inject scripts that run when other users load the page. The Wordfence entry notes a patch is available...