CVE-2024-6879

Name of the Vulnerable Software and Affected Versions The Quiz and Survey Master (QSM) WordPress plugin versions prior to 9.1.1

Description The issue is related to the failure of the plugin to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded. This could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.

Recommendations For versions prior to 9.1.1, update to version 9.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Quiz fields to minimize the risk of exploitation.