CVE-2023-2571: Quiz Maker < 6.4.2.7 - Reflected XSS
First published: Mon Jun 05 2023(Updated: )
The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Quiz Maker | <6.4.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-2571?
CVE-2023-2571 is a vulnerability in the Quiz Maker WordPress plugin that allows for Reflected Cross-Site Scripting.
What is the severity of CVE-2023-2571?
The severity of CVE-2023-2571 is medium with a severity value of 6.1.
How does CVE-2023-2571 impact users?
CVE-2023-2571 allows for Reflected Cross-Site Scripting, which could be used against high privilege users such as admins.
How can I fix CVE-2023-2571?
To fix CVE-2023-2571, update the Quiz Maker WordPress plugin to version 6.4.2.7 or later, which includes the necessary escape parameters.
Where can I find more information about CVE-2023-2571?
You can find more information about CVE-2023-2571 on the WPScan website using this reference: https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/ays-pro
- canonical/ays-pro quiz maker