Description The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
1. Go to to Quizzes & Surveys 2. Add/edit a question on a Quiz, and put the following payload in the answer field: 5. Add the Quiz to a post (via Add block for example) and save The XSS will be triggered when any user will edit the post and click on the Quiz