The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
1. Go to Quiz » Add Categories.
2. Insert a category with the payload as name: .
3. The XSS will be triggered when accessing the Add Categories dashboard again.
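The fix pattern for this class of stored XSS, as an added example that is not the plugin's own code: sanitize the category name when it is saved and escape it when the Add Categories list is rendered. The function names, the `quiz_categories` table, the `category_name` field and the `quiz_add_category` nonce action are hypothetical.

```php
<?php
// Added illustration only: hypothetical handlers, not the plugin's code.
// Assumed names: table {$wpdb->prefix}quiz_categories, POST field
// 'category_name', nonce action 'quiz_add_category'.

// Save handler: validate the request, then sanitize the name before storing it.
function example_quiz_save_category() {
    if ( ! current_user_can( 'publish_posts' ) ) { // capability held by Author and above
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'quiz_add_category' ); // rejects requests without a valid nonce

    $raw  = isset( $_POST['category_name'] ) ? wp_unslash( $_POST['category_name'] ) : '';
    $name = sanitize_text_field( $raw ); // strips tags, line breaks and extra whitespace
    if ( '' === $name ) {
        wp_die( 'Category name is required.' );
    }

    global $wpdb;
    $wpdb->insert(
        $wpdb->prefix . 'quiz_categories',
        array( 'name' => $name ),
        array( '%s' )
    );
}

// List view: escape on output even though input is sanitized, so rows stored
// before the fix (or written by another code path) cannot inject markup.
function example_quiz_render_categories() {
    global $wpdb;
    $rows = $wpdb->get_results( "SELECT id, name FROM {$wpdb->prefix}quiz_categories" );

    echo '<table class="widefat"><tbody>';
    foreach ( $rows as $row ) {
        printf(
            '<tr><td>%d</td><td>%s</td></tr>',
            (int) $row->id,
            esc_html( $row->name ) // the unsafe form would echo $row->name directly
        );
    }
    echo '</tbody></table>';
}
```

Escaping at output is the part that closes the hole for category names already stored in the database; sanitizing at save only protects new entries.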
| CPE | Name | Operator | Version |
|---|---|---|---|
| | wp-best-quiz | eq | * |