The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
6.1CVSS
6.1AI Score
0.001EPSS
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the ays_quiz_author_user_search AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
5.3CVSS
5.3AI Score
0.001EPSS
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
6.1CVSS
6AI Score
0.0005EPSS