Reflected Cross-Site Scripting in Chained Quiz Plugin for WordPress
CVE-2022-4214
6.1MEDIUM
What is CVE-2022-4214?
The Chained Quiz plugin for WordPress is susceptible to reflected cross-site scripting due to inadequate input sanitization and output escaping. Exploitation occurs through the 'ip' parameter on the 'chainedquiz_list' page in versions up to and including 1.3.2.3. This vulnerability enables unauthenticated attackers to inject malicious web scripts into pages, potentially deceiving users into executing these scripts by clicking on malicious links.
Affected Version(s)
Chained Quiz * <= 1.3.2.3