7 matches found
CVE-2015-9386
The CVE-2015-9386 entry concerns the mtouch-quiz WordPress plugin, affected in versions before 3.1.3. The provided documents describe an XSS vulnerability via the quiz parameter during a Quiz Manage operation. This is supported by multiple sources (NVD entry notes XSS in mtouch-quiz before 3.1.3;...
CVE-2015-9389
CVE-2015-9389 affects the mTouch Quiz WordPress plugin prior to version 3.1.3 , with XSS via the quiz name . The vulnerability is described in multiple sources as a client‑side/script injection issue in the plugin’s quiz name field, enabling cross‑site scripting. The supplied connected documents ...
CVE-2022-2410
CVE-2022-2410 affects the WordPress mTouch Quiz plugin up to version 3.1.3. The issue is due to insufficient sanitization/escaping of certain settings, enabling Stored XSS when unfiltered_html is disallowed (e.g., multisite). Affected component: plugin settings handling; root cause: lack of input...
CVE-2015-9388
CVE-2015-9388 affects the WordPress mtouch-quiz plugin, specifically versions prior to 3.1.3. The vulnerability is a CSRF on wp-admin/edit.php that can result in cross-site scripting (XSS). Red Hat and NVD entries corroborate the issue. Impact is partial integrity compromise (per CVSS) with no co...
CVE-2015-9387
The CVE-2015-9387 entry concerns the mTouch Quiz WordPress plugin prior to version 3.1.3. The root cause is a cross-site request forgery (CSRF) vulnerability in wp-admin/options-general.php, which could allow an attacker to induce an administrator’s browser to perform unwanted actions on the Word...
CVE-2014-100022
The CVE-2014-100022 issue affects the WordPress plugin mTouch Quiz (WordPress plugin) specifically the 3.0.7-and-earlier versions. The vulnerability arises in the file question.php, where the quiz parameter passed to wp-admin/edit.php enables SQL injection due to improper input handling. This can...
CVE-2014-100023
CVE-2014-100023 affects the WordPress mTouch Quiz plugin (before 3.0.7). The vulnerability is a cross-site scripting (XSS) in question.php where the quiz parameter sent to wp-admin/edit.php can inject arbitrary script/HTML. Documented as reflected XSS in various sources; impact is remote attacker...