CVE-2023-0429: XSS
First published: Tue Feb 21 2023(Updated: )
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kibokolabs Watu Quiz | <3.3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Watu Quiz WordPress plugin vulnerability?
The vulnerability ID is CVE-2023-0429.
What is the severity of CVE-2023-0429 vulnerability?
The severity of CVE-2023-0429 vulnerability is medium with a severity value of 4.8.
How does the Watu Quiz WordPress plugin vulnerability allow stored cross-site scripting attacks?
The vulnerability allows high privilege users, such as admin, to perform stored cross-site scripting attacks by not sanitizing and escaping some of its settings.
Can the vulnerability be exploited even when the unfiltered_html capability is disallowed?
Yes, the vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in a multisite setup.
How can the Watu Quiz WordPress plugin vulnerability be fixed?
To fix the vulnerability, update the plugin to version 3.3.8.2 or later.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/kibokolabs
- canonical/kibokolabs watu quiz