CVE-2021-36905
WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Vulnerabilidad de Coss-Site Scripting (XSS) de autenticación multiple (con permisos de colaboradores o superiores) almacenada en el complemento Quiz And Survey Master en WordPress en versiones <= 7.3.4.
The Quiz And Survey Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 7.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-07-19 CVE Reserved
- 2022-10-21 CVE Published
- 2024-05-13 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Expresstech Search vendor "Expresstech" | Quiz And Survey Master Search vendor "Expresstech" for product "Quiz And Survey Master" | < 7.3.5 Search vendor "Expresstech" for product "Quiz And Survey Master" and version " < 7.3.5" | wordpress |
Affected
| ||||||