Reflected Cross-Site Scripting Vulnerability in Quiz And Survey Master WordPress Plugin

Reflected Cross-Site Scripting Vulnerability in Quiz And Survey Master WordPress Plugin

CVE-2021-24368 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link

Learn more about our Wordpress Pen Testing.