The plugin does not sanitise or escape the 's' and 'paged' GET parameters before outputting them in attributes, leading to Reflected Cross-Site Scripting issues.
https://example.com/wp-admin/admin.php?page=mlw_quiz_list&s=">&paged=">
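The unescaped-attribute pattern described above next to a hardened form, as an added example; it is not the plugin's own code. The function names and markup are hypothetical, and plain PHP `htmlspecialchars()` and integer coercion stand in for WordPress's `esc_attr()` and `absint()` so the block runs outside WordPress.

```php
<?php
// Added example: hypothetical admin-page markup, not code from quiz-master-next.

// Vulnerable pattern: the raw parameter is concatenated into a quoted attribute,
// so a double quote in the value closes the attribute early.
function render_search_unsafe(array $get): string {
    $s = $get['s'] ?? '';
    return '<input type="search" name="s" value="' . $s . '">';
}

// Hardened: escape for the attribute context at the point of output.
// Inside WordPress, esc_attr() fills this role.
function render_search_safe(array $get): string {
    $s = is_string($get['s'] ?? null) ? $get['s'] : '';
    return '<input type="search" name="s" value="'
        . htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// 'paged' is a page number, so coerce it to a positive integer before output.
// Inside WordPress, absint() fills this role.
function render_paged_safe(array $get): string {
    $raw = $get['paged'] ?? 1;
    $paged = is_scalar($raw) ? max(1, abs((int) $raw)) : 1;
    return '<input type="text" name="paged" value="' . $paged . '">';
}

// Constructed input: a quote followed by an inert marker attribute.
$get = ['s' => '" data-marker="x', 'paged' => '"2'];

echo render_search_unsafe($get), "\n"; // marker appears as a separate attribute
echo render_search_safe($get), "\n";   // quote is emitted as &quot; inside value
echo render_paged_safe($get), "\n";    // non-numeric input falls back to 1
```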
CPE

Name | Operator | Version |
---|---|---|
quiz-master-next | lt | 7.1.14 |