Page 4 of 19 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-4211 – Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf

https://notcve.org/view.php?id=CVE-2022-4211

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Scripting (XSS) Reflejado a través del parámetro 'emailf' en la página 'chainedquiz_list' en versiones hasta la 1.3.2 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutan si logran engañar a un usuario para que realice una acción como hacer clic en un enlace. • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2824193%40chained-quiz&new=2824193%40chained-quiz&sfp_email=&sfph_mail= https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24690 – Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting

https://notcve.org/view.php?id=CVE-2021-24690

The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings. El plugin Chained Quiz de WordPress versiones anteriores a 1.2.7.2, no sanea o escapa correctamente de las entradas en la configuración del plugin • https://wpscan.com/vulnerability/b2f473b4-268c-48b7-95e8-0a8eeaa3fc28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-14502 – Chained Quiz <= 1.0.8.2 - Unauthenticated SQL Injection

https://notcve.org/view.php?id=CVE-2018-14502

controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. El archivo controllers/quizzes.php en el plugin Kiboko Chained Quiz versiones anteriores a 1.0.9 para WordPress, permite a usuarios no autentificados remotos ejecutar comandos SQL arbitrarios por medio de los parámetros "answer" y "answers". • https://wordpress.org/plugins/chained-quiz/#developers https://wpvulndb.com/vulnerabilities/9112 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10892 – Chained Quiz Plugin < 1.0 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-10892

The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. El plugin encadenado-quiz antes de 1.0 para WordPress tiene múltiples problemas XSS. The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wordpress.org/plugins/chained-quiz/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •