Stored XSS Vulnerability in Quizlord Plugin for WordPress
CVE-2018-17140

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Quizlord
Vendor: CVE Published:; 17 September 2018

What is CVE-2018-17140?

The Quizlord plugin for WordPress, up to version 2.0, is susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability arises from improper handling of user input in the title parameter during the ql_insert action, which can be exploited by attackers to inject malicious scripts. These scripts may execute in the context of a user’s browser session, leading to unauthorized actions or data exposure.

References

https://www.exploit-db.com/exploits/45307/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2018
Vulnerability Reserved
Sep 17, 2018

Wordpress

What is CVE-2018-17140?

References

CVSS V3.1

Timeline