First published: Tue Feb 21 2023(Updated: )
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Watu Quiz | <3.3.8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-0429.
The severity of CVE-2023-0429 vulnerability is medium with a severity value of 4.8.
The vulnerability allows high privilege users, such as admin, to perform stored cross-site scripting attacks by not sanitizing and escaping some of its settings.
Yes, the vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in a multisite setup.
To fix the vulnerability, update the plugin to version 3.3.8.2 or later.