CVE-2025-14579

Name of the Vulnerable Software and Affected Versions The Quiz Maker WordPress plugin versions prior to 6.7.0.89

Description The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting (XSS) attacks. This is possible even when the unfiltered html capability is not permitted, for example, in a multisite configuration. XSS attacks involve injecting malicious scripts into websites viewed by other users.

Recommendations Update to version 6.7.0.89 or later.