4 matches found
WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)
The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matchers...
WordPress WordPress Qwizcards plugin < 3.95 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Qwizcards versions 3.95...
CVE-2025-6174 WordPress Qwizcards <= 3.9.4 - Reflected XSS
The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...
CVE-2025-6174
The WordPress Qwizcards plugin (versions up to 3.9.4) is affected by a Reflected XSS due to insufficient sanitisation/escaping of the stylesheet parameter(s) when reflected back in the page. Specifically, the vulnerability is described as affecting the _stylesheet parameter (per CVE description) ...