CVE-2023-0038

Name of the Vulnerable Software and Affected Versions Survey Maker – Best WordPress Survey Plugin versions up to, and including, 3.1.3

Description The issue is related to Stored Cross-Site Scripting via survey answers due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts when submitting quizzes, which will execute whenever a user accesses the submissions page.

Recommendations For versions up to, and including, 3.1.3, update to a version later than 3.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the submissions page to minimize the risk of exploitation. Additionally, disabling the submission of quizzes until a patch is available can help mitigate the risk.