15 matches found
CVE-2023-5943
The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-5956
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Wp-Adv-Quiz Plugin < 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Wp-Adv-Quiz Type Plugin Vulnerable versions 1.0.3 Fixed in 1.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5943 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 12e6f67d0d8b Credits Rafael Aristodimou Required...
WordPress Wp-Adv-Quiz Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Wp-Adv-Quiz Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bf0336ffbf73 Credits Bob Matyas Required privilege...
CVE-2023-5956
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5956
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5943 Wp-Adv-Quiz < 1.0.3 - Admin+ Stored XSS
The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-5943
CVE-2023-5943 affects the WordPress plugin Wp-Adv-Quiz prior to version 1.0.3. Root cause: the plugin does not sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed. Impact: Cross-Site Scripting could affect si...
CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5956
CVE-2023-5956 affects the WordPress plugin Wp-Adv-Quiz (versions up to 1.0.2; some sources indicate
WordPress plugin Wp-Adv-Quiz security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Wp-Adv-Quiz security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Under "WP Adv Quiz - WP Adv...
Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Under "WP Adv Quiz - WP Adv Quiz"...