First published: Sun Aug 16 2020
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Expresstech Quiz And Survey Master | <4.7.9 | |
The vulnerability ID is CVE-2016-11085.
The severity of CVE-2016-11085 is medium with a CVSS score of 6.5.
The Expresstech Quiz And Survey Master plugin before version 4.7.9 for WordPress is affected by CVE-2016-11085.
Updating the plugin to version 4.7.9 or newer fixes CVE-2016-11085.