controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
9.8CVSS
10AI Score
0.01EPSS
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.
6.1CVSS
6AI Score
0.001EPSS