VULNRICHMENT:CVE-2024-4934 (vulnrichment, WPScan)
History: Jul 01, 2024 - 6:00 a.m.

CVE-2024-4934 Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS

2024-07-01 06:00:01
WPScan
github.com
cve-2024-4934
wordpress
plugin
stored xss
contributor
cross-site scripting

AI Score: 5.6
Confidence: High

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "expresstech",
    "product": "quiz_and_survey_master",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "9.0.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
