Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbShivam RaiWPVDB-ID:F7B95789-43F2-42A5-95E6-EB7ACCBD5ED3
HistoryOct 11, 2021 - 12:00 a.m.

Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting

2021-10-1100:00:00
Shivam Rai
wpscan.com
8
cross-site scripting
plugin
admin
input sanitization
privilege escalation

EPSS

0.001

Percentile

24.8%

JSON

The plugin does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PoC

1. When creating a new Question Pot, you can inject an XSS payload like "> in the Quiz Name. 2. When adding a new quiz, you can inject an XSS payload like "> in the Quiz Name. 3. When managing the plugin’s Email Setting, you can inject an XSS payload like "> in the “And from this name” field.

Related

prion 1
cve 1
patchstack 1
cvelist 1
nvd 1
wpexploit 1
prion
prion
Cross site scripting
2021-11-08 18:15:00
cve
cve
CVE-2021-24701
2021-11-08 18:15:09
patchstack
patchstack
WordPress Quiz Tool Lite plugin <= 2.3.15 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
2021-10-11 00:00:00
cvelist
cvelist
CVE-2021-24701 Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting
2021-11-08 17:35:09
nvd
nvd
CVE-2021-24701
2021-11-08 18:15:09
wpexploit
wpexploit
Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting
2021-10-11 00:00:00

EPSS

0.001

Percentile

24.8%

JSON
Related for WPVDB-ID:F7B95789-43F2-42A5-95E6-EB7ACCBD5ED3
prion1cve1patchstack1cvelist1nvd1wpexploit1