CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4210 – Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf
https://notcve.org/view.php?id=CVE-2022-4210
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Sc... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4211 – Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf
https://notcve.org/view.php?id=CVE-2022-4211
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4212 – Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf
https://notcve.org/view.php?id=CVE-2022-4212
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Sc... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4213 – Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn
https://notcve.org/view.php?id=CVE-2022-4213
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site S... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2825368%40chained-quiz&new=2825368%40chained-quiz&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4214 – Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip
https://notcve.org/view.php?id=CVE-2022-4214
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site S... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4215 – Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date
https://notcve.org/view.php?id=CVE-2022-4215
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4216 – Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID
https://notcve.org/view.php?id=CVE-2022-4216
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a través de... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4217 – Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key
https://notcve.org/view.php?id=CVE-2022-4217
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del parámetro '... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4218 – Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying
https://notcve.org/view.php?id=CVE-2022-4218
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a la Cross-Site Request Forgery (CSRF) en versiones... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4219 – Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion
https://notcve.org/view.php?id=CVE-2022-4219
02 Dec 2022 — The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a la Cross-Site Request Forgery (CSRF) en versiones hasta... • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e • CWE-352: Cross-Site Request Forgery (CSRF) •