CVE-2024-10636

Name of the Vulnerable Software and Affected Versions The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 31.8.0 and earlier (Agency)

Description The issue is related to Reflected Cross-Site Scripting via the content parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Recommendations For The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business), update to a version later than 8.8.0. For The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer), update to a version later than 21.8.0. For The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 31.8.0 and earlier (Agency), update to a version later than 31.8.0. As a temporary workaround, consider restricting access to the content parameter to minimize the risk of exploitation.