Reflected Cross-Site Scripting Vulnerability in Chained Quiz Plugin for WordPress
CVE-2022-4215
6.1MEDIUM
Summary
The Chained Quiz plugin for WordPress suffers from a Reflected Cross-Site Scripting flaw, primarily affecting the 'date' parameter on the 'chainedquiz_list' page. This issue arises from inadequate input sanitization and output escaping in versions up to and including 1.3.2.3. Consequently, unauthenticated attackers can exploit this vulnerability to inject malicious scripts into web pages. If a user is tricked into interacting with a crafted link, the injected scripts could execute in their browser context, potentially compromising user data or account security.
Affected Version(s)
Chained Quiz * <= 1.3.2.3
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Muhammad Zeeshan (Xib3rR4dAr)