Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
Visit the following URL: https://example.com/wp-admin/admin.php?page=quiz-maker-questions&fake;"><script>alert(/xss/)</script>=something
CPE | Name | Operator | Version |
---|---|---|---|
eq | 6.4.9.5 |