Page 2 of 9 results (0.022 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting El complemento Quiz Maker WordPress anterior a 6.4.9.5 no escapa de las URL generadas antes de mostrarlas en atributos, lo que genera Cross-Site Scripting Reflejado. The Quiz Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.4.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Quiz Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.4.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. Vulnerabilidad de autorización faltante en el equipo de Quiz Maker Quiz Maker. Este problema afecta a Quiz Maker: desde n/a hasta 6.3.9.4. The Quiz Maker plugin for WordPress is vulnerable to content spoofing in versions up to, and including 6.3.9.4. This makes it possible for unauthenticated attackers to inject content that may alter the content and display of select pages. • https://patchstack.com/database/vulnerability/quiz-maker/wordpress-quiz-maker-plugin-6-3-9-4-content-spoofing?_s_id=cve • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-862: Missing Authorization •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard El plugin Quiz Maker WordPress versiones anteriores a 6.2.0.9, no saneaba y escapaba correctamente los parámetros order y orderby antes de usarlos en sentencias SQL, conllevando a problemas de inyección SQL en el panel de administración • https://wpscan.com/vulnerability/929ad37d-9cdb-4117-8cd3-cf7130a7c9d4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •