CVE-2023-6166 – Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6166
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting El complemento Quiz Maker WordPress anterior a 6.4.9.5 no escapa de las URL generadas antes de mostrarlas en atributos, lo que genera Cross-Site Scripting Reflejado. The Quiz Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.4.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2571 – Quiz Maker < 6.4.2.7 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-2571
The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Quiz Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.4.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-23985 – WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing
https://notcve.org/view.php?id=CVE-2023-23985
Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. Vulnerabilidad de autorización faltante en el equipo de Quiz Maker Quiz Maker. Este problema afecta a Quiz Maker: desde n/a hasta 6.3.9.4. The Quiz Maker plugin for WordPress is vulnerable to content spoofing in versions up to, and including 6.3.9.4. This makes it possible for unauthenticated attackers to inject content that may alter the content and display of select pages. • https://patchstack.com/database/vulnerability/quiz-maker/wordpress-quiz-maker-plugin-6-3-9-4-content-spoofing?_s_id=cve • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-862: Missing Authorization •
CVE-2021-24456 – Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24456
The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard El plugin Quiz Maker WordPress versiones anteriores a 6.2.0.9, no saneaba y escapaba correctamente los parámetros order y orderby antes de usarlos en sentencias SQL, conllevando a problemas de inyección SQL en el panel de administración • https://wpscan.com/vulnerability/929ad37d-9cdb-4117-8cd3-cf7130a7c9d4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •