Lucene search
Bob MatyasWPVDB-ID:B3D1FBAE-88C9-45D1-92C6-0A529B21E3B2HistoryJan 03, 2024 - 12:00 a.m.
Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview
2024-01-0300:00:00
Bob Matyas
wpscan.com
3
wp-adv-quiz
stored cross-site scripting
admin privileges
0.0004 Low
EPSS
Percentile
14.0%
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PoC
1. Under “WP Adv Quiz -> WP Adv Quiz” click “add quiz”. 2. For the title, enter: ‘">’. 3. Save the quiz. 4. Navigate back to “WP Adv Quiz -> WP Adv Quiz” and see the XSS.
Related
wpexploit
wpexploit
Wp-Adv-Quiz <= 1.0.4 - Admin+ Stored XSS in Quiz Overview
2024-01-03 00:00:00
prion
prion
Cross site scripting
2024-01-29 15:15:00
nvd
nvd
CVE-2023-5956
2024-01-29 15:15:09
cvelist
cvelist
CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview
2024-01-29 14:44:20
cve
cve
CVE-2023-5956
2024-01-29 15:15:09