First published: Tue Feb 21 2023
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Watu Quiz | <3.3.8.2 | Update to 3.3.8.2 or higher |
CVE-2023-0428 is a vulnerability in the Watu Quiz WordPress plugin before version 3.3.8.2 that allows for Reflected Cross-Site Scripting (XSS) attacks.
CVE-2023-0428 affects the Watu Quiz WordPress plugin by allowing an attacker to execute malicious code through a Reflected Cross-Site Scripting (XSS) attack.
CVE-2023-0428 has a severity level of medium with a score of 6.1.
To fix CVE-2023-0428, update the Watu Quiz WordPress plugin to version 3.3.8.2 or higher, which includes the necessary sanitization and escaping of parameters to prevent the XSS vulnerability.
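To confirm whether an installed copy is older than the fixed release, the following added example (not code from this advisory or from the plugin) reads the `Version:` field of a WordPress plugin header and compares it numerically with 3.3.8.2. The sample header is constructed, and the function names are this example's own.

```python
import re

FIXED_VERSION = "3.3.8.2"  # first fixed release, per the advisory

# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Watu Quiz
Version: 3.3.8
*/
"""

def parse_version(text):
    """Turn '3.3.8.2' into (3, 3, 8, 2); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)

def compare_versions(a, b):
    """Return -1, 0 or 1; the shorter version is zero-padded (3.4 == 3.4.0.0)."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    # Tuple comparison is numeric per component, so 3.3.10 sorts after 3.3.8.2.
    return (va > vb) - (va < vb)

def header_version(plugin_source):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def is_affected(plugin_source):
    """True if the header reports a release before FIXED_VERSION, False if
    not, None if no parsable version was found (review manually)."""
    version = header_version(plugin_source)
    if version is None:
        return None
    try:
        return compare_versions(version, FIXED_VERSION) < 0
    except ValueError:
        return None

if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_HEADER))
```

A `None` result means the header could not be read, which should be treated as "unknown" rather than "safe".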
More information about CVE-2023-0428 can be found at the following reference: https://wpscan.com/vulnerability/c933460b-f77d-4986-9f5a-32d9f3f8b412