PT-2022-26246 · WordPress · Chained Quiz

Muhammad Zeeshan +1 · Published 2022-12-02 · Updated 2022-12-05 · CVE-2022-4209

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Chained Quiz plugin for WordPress versions up to, and including, 1.3.2

Description

The issue arises from insufficient input sanitization and output escaping, which allows Reflected Cross-Site Scripting. It can be exploited via the pointsf parameter on the "chainedquiz list" page, enabling unauthenticated attackers to inject arbitrary web scripts. The injected script executes only if the attacker tricks a user into performing an action such as clicking on a link.

Recommendations

For Chained Quiz plugin for WordPress versions up to, and including, 1.3.2, update to a version later than 1.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the "chainedquiz list" page and avoiding use of the pointsf parameter until a patch is available.
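
A log check to run while the workaround is in place, added here as an example (it is not code from the plugin or from this advisory): it flags web-server access-log requests to the affected page whose pointsf value is not a plain number. The page slug "chainedquiz_list", the numeric-only expectation for pointsf, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not stated on the advisory page): the admin page slug is
# "chainedquiz_list", and a legitimate pointsf value is a plain number.
PAGE_SLUG = "chainedquiz_list"
NUMERIC = re.compile(r"-?\d+(\.\d+)?")
# Request field of a combined-format access-log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_pointsf(log_line):
    """Return the decoded pointsf value if it is not numeric, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes values, so encoded markup is seen in clear text.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if PAGE_SLUG not in query.get("page", []):
        return None  # a different admin page; out of scope for this advisory
    for value in query.get("pointsf", []):
        # A blank filter is harmless; anything else must be a number.
        if value.strip() and not NUMERIC.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_pointsf(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP ranges, harmless probe markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Dec/2022:10:01:12 +0000] "GET /wp-admin/admin.php?page=chainedquiz_list&pointsf=10 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [03/Dec/2022:10:02:40 +0000] "GET /wp-admin/admin.php?page=chainedquiz_list&pointsf=%22%3E%3Ci%3Eprobe%3C%2Fi%3E HTTP/1.1" 200 5188',
    '203.0.113.7 - - [03/Dec/2022:10:03:05 +0000] "GET /wp-admin/admin.php?page=other_plugin&pointsf=%3Cb%3E HTTP/1.1" 200 900',
    '203.0.113.7 - - [03/Dec/2022:10:04:18 +0000] "GET /wp-admin/admin.php?page=chainedquiz_list&pointsf= HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric pointsf value {value!r}")
```

A hit means someone followed or probed a crafted link; it does not by itself show that the script ran in a user's browser.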

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-4209

Affected Products

Chained Quiz