WordPress · The Quiz/Survey Master · CVE-2024-6879
**Name of the Vulnerable Software and Affected Versions**
The Quiz and Survey Master (QSM) WordPress plugin versions prior to 9.1.1
**Description**
The issue is related to the failure of the plugin to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded. This could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
**Recommendations**
For versions prior to 9.1.1, update to version 9.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Quiz fields to minimize the risk of exploitation.