CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4212 – Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf
https://notcve.org/view.php?id=CVE-2022-4212
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Sc... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4213 – Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn
https://notcve.org/view.php?id=CVE-2022-4213
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site S... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2825368%40chained-quiz&new=2825368%40chained-quiz&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4214 – Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip
https://notcve.org/view.php?id=CVE-2022-4214
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site S... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4215 – Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date
https://notcve.org/view.php?id=CVE-2022-4215
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4216 – Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID
https://notcve.org/view.php?id=CVE-2022-4216
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a través de... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4217 – Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key
https://notcve.org/view.php?id=CVE-2022-4217
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del parámetro '... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24690 – Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-24690
07 Sep 2021 — The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings. El plugin Chained Quiz de WordPress versiones anteriores a 1.2.7.2, no sanea o escapa correctamente de las entradas en la configuración del plugin • https://wpscan.com/vulnerability/b2f473b4-268c-48b7-95e8-0a8eeaa3fc28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7104 – Chained Quiz <= 1.1.8.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-7104
16 Jan 2020 — The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. El plugin chained-quiz versión 1.1.8.1 para WordPress, presenta una vulnerabilidad de tipo XSS reflejado por medio del parámetro total_questions del archivo wp-admin/admin-ajax.php. • https://wpvulndb.com/vulnerabilities/10029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-14502 – Chained Quiz <= 1.0.8.2 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-14502
16 Aug 2018 — controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. El archivo controllers/quizzes.php en el plugin Kiboko Chained Quiz versiones anteriores a 1.0.9 para WordPress, permite a usuarios no autentificados remotos ejecutar comandos SQL arbitrarios por medio de los parámetros "answer" y "answers". • https://wordpress.org/plugins/chained-quiz/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10892 – Chained Quiz Plugin < 1.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10892
12 Jan 2017 — The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. El plugin encadenado-quiz antes de 1.0 para WordPress tiene múltiples problemas XSS. The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user... • https://wordpress.org/plugins/chained-quiz/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •