CVE-2021-24701

Name of the Vulnerable Software and Affected Versions The Quiz Tool Lite WordPress plugin versions 2.3.15 and earlier

Description The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization in multiple input fields used for creating or managing quizzes and other setting options, even when the unfiltered html capability is disallowed.

Recommendations For versions 2.3.15 and earlier, update to a version later than 2.3.15 to resolve the issue. As a temporary workaround, consider restricting access to the quiz management and setting options to minimize the risk of exploitation. Avoid using the vulnerable input fields in the affected plugin until the issue is resolved.