Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday12 views

WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)

The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matchers...

6.1CVSS6.1AI score0.0046EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/07/23 12:37 p.m.7 views

WordPress WordPress Qwizcards plugin < 3.95 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Qwizcards versions 3.95...

6.1CVSS6.1AI score0.0046EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/07/23 6:0 a.m.9 views

CVE-2025-6174 WordPress Qwizcards <= 3.9.4 - Reflected XSS

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...

0.0046EPSS
Exploits0References1
CVE
CVE
added 2025/07/23 6:0 a.m.28 views

CVE-2025-6174

The WordPress Qwizcards plugin (versions up to 3.9.4) is affected by a Reflected XSS due to insufficient sanitisation/escaping of the stylesheet parameter(s) when reflected back in the page. Specifically, the vulnerability is described as affecting the _stylesheet parameter (per CVE description) ...

6.1CVSS6.3AI score0.0046EPSS
In wildExploits0References1
Rows per page
Query Builder