CVE-2021-24701 Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting

2021-11-0817:35:09

CWE-79

WPScan

www.cve.org

cross-site scripting

wordpress

quiz tool lite

EPSS

0.001

Percentile

24.8%

JSON

The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CNA Affected

[
  {
    "product": "Quiz Tool Lite",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.3.15",
        "status": "affected",
        "version": "2.3.15",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/f7b95789-43f2-42a5-95e6-eb7accbd5ed3

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24701