CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4211 – Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf
https://notcve.org/view.php?id=CVE-2022-4211
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Chained Quiz para WordPress es vulnerable a Cross-Site Scripting (XSS) Reflejado a través del parámetro 'emailf' en la página 'chainedquiz_list' en versiones hasta la 1.3.2 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutan si logran engañar a un usuario para que realice una acción como hacer clic en un enlace. • https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2824193%40chained-quiz&new=2824193%40chained-quiz&sfp_email=&sfph_mail= https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38358 – MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38358
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. El plugin MoolaMojo de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro classes encontrado en el archivo ~/views/button-generator.html.php que permite a atacantes inyectar scripts web arbitrario, en versiones hasta 0.7.4.1 incluyéndola • https://plugins.trac.wordpress.org/browser/moolamojo/trunk/views/button-generator.html.php#L16 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38317 – Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38317
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. El plugin Konnichiwa! Membership de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado, por medio del parámetro plan_id en el archivo ~/views/subscriptions.html.php que permite a atacantes inyectar scripts web arbitrario, en versiones hasta 0.8.3 incluyéndola • https://plugins.trac.wordpress.org/browser/konnichiwa/trunk/views/subscriptions.html.php?rev=1625922#L7 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24690 – Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-24690
The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings. El plugin Chained Quiz de WordPress versiones anteriores a 1.2.7.2, no sanea o escapa correctamente de las entradas en la configuración del plugin • https://wpscan.com/vulnerability/b2f473b4-268c-48b7-95e8-0a8eeaa3fc28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7104 – Chained Quiz <= 1.1.8.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-7104
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. El plugin chained-quiz versión 1.1.8.1 para WordPress, presenta una vulnerabilidad de tipo XSS reflejado por medio del parámetro total_questions del archivo wp-admin/admin-ajax.php. • https://wpvulndb.com/vulnerabilities/10029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •