CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0873 – Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0873
04 Apr 2024 — The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Watu Quiz para WordPress es vulnerable a ... • https://plugins.trac.wordpress.org/changeset/3036986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0872 – Watu Quiz <= 3.4.1 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-0872
04 Apr 2024 — The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails. El complemento Watu Quiz para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.4.1 incluida a través del código corto wa... • https://plugins.trac.wordpress.org/changeset/3036986 • CWE-639: Authorization Bypass Through User-Controlled Key •