CVE-2021-24691: XSS
First published: Mon Oct 11 2021(Updated: )
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Expresstech Quiz And Survey Master | <7.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24691?
CVE-2021-24691 is a vulnerability in the Quiz And Survey Master WordPress plugin before version 7.3.2 that allows high privilege users to perform Cross-Site Scripting attacks.
How does CVE-2021-24691 affect the Quiz And Survey Master plugin?
CVE-2021-24691 affects the Quiz And Survey Master plugin by not escaping the Quiz Url Slug setting before outputting it in some pages.
What is the severity of CVE-2021-24691?
CVE-2021-24691 has a severity rating of medium (4.8).
How can high privilege users exploit CVE-2021-24691?
High privilege users can exploit CVE-2021-24691 by performing Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed.
How can I fix CVE-2021-24691?
To fix CVE-2021-24691, update the Quiz And Survey Master WordPress plugin to version 7.3.2 or later.
- collector/nvd-index
- vendor/expresstech
- canonical/expresstech quiz and survey master