Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
1. Add a new quiz. 2. Under the created quiz, click on “Questions”. 3. Add a question and enter a payload like “” for the question and message fields. 4. Save and see the XSS on the frontend of the site when the shortcode is added.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 1.0.3 |