CVE-2021-24368

Name of the Vulnerable Software and Affected Versions The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin versions prior to 7.1.18

Description The issue is related to a reflected Cross-Site Scripting problem, where the result id parameter is not properly sanitised or escaped when displaying an existing quiz result page. This could lead to privilege escalation by inducing a logged-in admin to open a malicious link.

Recommendations For versions prior to 7.1.18, update to version 7.1.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the quiz result page or disabling the feature that displays existing quiz results until the update is applied. Avoid using the result id parameter in the affected page until the issue is resolved.