Stored XSS Vulnerability in Quizlord Plugin for WordPress
CVE-2018-17140
5.4MEDIUM
What is CVE-2018-17140?
The Quizlord plugin for WordPress, up to version 2.0, is susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability arises from improper handling of user input in the title parameter during the ql_insert action, which can be exploited by attackers to inject malicious scripts. These scripts may execute in the context of a user’s browser session, leading to unauthorized actions or data exposure.