Cross-site Scripting Vulnerability in WP Survey And Quiz Tool Plugin by WordPress
CVE-2010-4630

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-survey-and-quiz-tool
Vendor: CVE Published:; 30 December 2010

Summary

The WP Survey And Quiz Tool plugin for WordPress, version 1.2.1, contains a cross-site scripting vulnerability, located in pages/admin/surveys/create.php. This flaw allows remote attackers to manipulate the action parameter, enabling them to inject arbitrary web scripts or HTML. Successful exploitation can lead to unauthorized actions being taken on behalf of users, compromising data integrity and user trust.

References

http://www.johnleitch.net/Vulnerabilities/WordPress.Surve...

x_refsource_MISC

http://secunia.com/advisories/42196

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/69074

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Dec 30, 2010
Vulnerability Reserved
Dec 30, 2010