3 matches found
CVE-2021-24571
CVE-2021-24571 (HD Quiz WordPress plugin) : The plugin before 1.8.4 fails to escape some Answers when outputting them in HTML attributes during Quiz generation, enabling a stored XSS vulnerability. Affected component is the Answer output/embedding logic in the WordPress HD Quiz plugin (≤1.8.3). I...
CVE-2024-22161
CVE-2024-22161 concerns WordPress plugin Harmonic Design HD Quiz. The issue is a stored XSS caused by improper input neutralization during web page generation, affecting HD Quiz versions up to and including 1.8.11. Exploitation requires elevated privileges (Administrator) per Patchstack. A fix is...
CVE-2024-13383
The CVE-2024-13383 entry concerns the WordPress HD Quiz plugin (pre-2.0.0). The root cause is lack of proper sanitisation/escaping of certain plugin settings, which can allow Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e...