First published: Mon Oct 11 2021
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Expresstech Quiz And Survey Master | <7.3.2 | |
CVE-2021-24691 is a vulnerability in the Quiz And Survey Master WordPress plugin before version 7.3.2 that allows high privilege users to perform Cross-Site Scripting attacks.
CVE-2021-24691 affects the Quiz And Survey Master plugin by not escaping the Quiz Url Slug setting before outputting it in some pages.
CVE-2021-24691 has a severity rating of medium (4.8).
High privilege users can exploit CVE-2021-24691 to perform Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed.
To fix CVE-2021-24691, update the Quiz And Survey Master WordPress plugin to version 7.3.2 or later.
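The missing-escape pattern described above, next to a hardened form, as an added example in plain PHP. It is not the plugin's code: the function names, the `/quiz/` path and the sample value are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helper names, not Quiz And Survey Master code.
// Runs with the PHP CLI and no WordPress install. Inside a plugin the
// WordPress equivalents are sanitize_title() on save and esc_url(),
// esc_attr() and esc_html() on output.

// Save path: reduce whatever the settings form submitted to a URL-safe slug.
function demo_sanitize_slug(string $raw): string {
    $slug = strtolower(strip_tags($raw));
    $slug = preg_replace('/[^a-z0-9]+/', '-', $slug);
    return trim($slug, '-');
}

// Vulnerable pattern: the stored setting is concatenated into markup as-is.
function demo_render_link_unescaped(string $slug): string {
    return '<a href="/quiz/' . $slug . '">' . $slug . '</a>';
}

// Hardened pattern: escape for each output context at the point of output,
// even if the value was sanitized when it was saved.
function demo_render_link_escaped(string $slug): string {
    $href = '/quiz/' . rawurlencode($slug);
    $text = htmlspecialchars($slug, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">' . $text . '</a>';
}

// Constructed sample value containing markup characters (not from the advisory).
$stored = 'my-quiz"><b>injected</b>';

echo demo_render_link_unescaped($stored), PHP_EOL; // attribute closes early, <b> becomes live markup
echo demo_render_link_escaped($stored), PHP_EOL;   // value stays inert text inside one href
echo demo_sanitize_slug($stored), PHP_EOL;         // slug that would be stored after sanitizing on save
```

Escaping at output does not depend on who saved the value, which is why it holds even for high privilege users whose unfiltered_html capability is disallowed.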