Lucene search
Bob MatyasWPEX-ID:B3D1FBAE-88C9-45D1-92C6-0A529B21E3B2HistoryJan 03, 2024 - 12:00 a.m.
Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview
2024-01-0300:00:00
Bob Matyas
28
admin+ stored xss
wp adv quiz plugin
quiz overview
0.0004 Low
EPSS
Percentile
14.0%
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
1. Under "WP Adv Quiz -> WP Adv Quiz" click "add quiz".
2. For the title, enter: '"><script>alert(1999)</script>'.
3. Save the quiz.
4. Navigate back to "WP Adv Quiz -> WP Adv Quiz" and see the XSS.Related
wpvulndb
wpvulndb
Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview
2024-01-03 00:00:00
cvelist
cvelist
CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview
2024-01-29 14:44:20
prion
prion
Cross site scripting
2024-01-29 15:15:00
nvd
nvd
CVE-2023-5956
2024-01-29 15:15:09
cve
cve
CVE-2023-5956
2024-01-29 15:15:09