CVE-2023-3575

Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS

CVSS 5.4 MEDIUMEPSS 0.5%

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected products

Unknown · Quiz And Survey Master

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112 https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins