WordPress · Quiz Maker · CVE-2025-14579
**Name of the Vulnerable Software and Affected Versions**
The Quiz Maker WordPress plugin versions prior to 6.7.0.89
**Description**
The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting (XSS) attacks. This is possible even when the `unfiltered html` capability is not permitted, for example, in a multisite configuration. XSS attacks involve injecting malicious scripts into websites viewed by other users.
**Recommendations**
Update to version 6.7.0.89 or later.