Cross-Site Scripting Vulnerabilities in mTouch Quiz for WordPress
CVE-2014-100023

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mtouch Quiz
Vendor: CVE Published:; 13 January 2015

Summary

The mTouch Quiz plugin for WordPress prior to version 3.0.7 contains multiple cross-site scripting vulnerabilities. These flaws allow remote attackers to inject arbitrary web scripts or HTML into the application via the quiz parameter while accessing wp-admin/edit.php. This can lead to potential exploitation of the affected sites, compromising security and eroding user trust. It is essential for users of mTouch Quiz to update to the latest version to mitigate these risks.

References

http://secunia.com/advisories/57491

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/91949

vdb-entryx_refsource_XF

https://wordpress.org/plugins/mtouch-quiz/changelog/

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015