PT-2020-19372 · WordPress · Chained Quiz
Published 2020-01-17 · Updated 2020-01-24 · CVE-2020-7104
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
chained-quiz plugin version 1.1.8.1
Description
The issue is related to reflected XSS. It can be exploited via the total questions parameter in the "wp-admin/admin-ajax.php" API endpoint.
Recommendations
For chained-quiz plugin version 1.1.8.1, consider updating to a newer version that addresses this issue. As a temporary workaround, avoid using the total questions parameter in the affected API endpoint until the issue is resolved.
Affected Products
Chained Quiz