PT-2022-25663 · WordPress · The Quizlord

Machupalli Sree Pragna · Published 2022-12-19 · Updated 2022-12-23 · CVE-2022-4112

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Quizlord WordPress plugin versions through 2.0

Description

The issue allows high-privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitising and escaping some of its settings.

Recommendations

For The Quizlord WordPress plugin versions through 2.0, update to a version that properly sanitises and escapes its settings to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the use of the plugin's settings by high-privilege users until a patch is available.
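The sanitise-on-save and escape-on-output pattern that the recommendation refers to, as an added example that is not the plugin's own code. The option name quiz_demo_intro, the settings group and the function names are hypothetical; only WordPress core functions are called.

```php
<?php
// Added illustration. Option, group and function names are hypothetical and
// are not taken from The Quizlord. Intended to run inside a WordPress plugin.

// Sanitise on save: every write through the Settings API passes the callback,
// whichever role submits the form and whether or not it holds unfiltered_html.
add_action( 'admin_init', function () {
    register_setting( 'quiz_demo_group', 'quiz_demo_intro', array(
        'type'              => 'string',
        'sanitize_callback' => 'quiz_demo_sanitize_intro',
        'default'           => '',
    ) );
} );

function quiz_demo_sanitize_intro( $value ) {
    // Reject arrays/objects, then strip tags, control characters and
    // extra whitespace from the submitted string.
    return is_string( $value ) ? sanitize_text_field( $value ) : '';
}

// Escape on output, per context, even though the value was sanitised on save:
// the stored row may predate the callback or have been written another way.
function quiz_demo_render_settings_field() {
    $intro = (string) get_option( 'quiz_demo_intro', '' );
    // Unsafe pattern behind this bug class: echoing $intro into the
    // value attribute without esc_attr().
    printf(
        '<input type="text" name="quiz_demo_intro" value="%s" class="regular-text" />',
        esc_attr( $intro )
    );
}

function quiz_demo_render_front_end() {
    $intro = (string) get_option( 'quiz_demo_intro', '' );
    // Unsafe pattern: echo $intro; with no escaping in the HTML body.
    echo '<p class="quiz-intro">' . esc_html( $intro ) . '</p>';
}
```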

Related Identifiers

CVE-2022-4112

Affected Products

The Quizlord