Stored Cross-Site Scripting in Chained Quiz Plugin for WordPress
CVE-2022-4216
5.5MEDIUM
What is CVE-2022-4216?
The Chained Quiz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'facebook_appid' parameter due to inadequate input sanitization and output escaping procedures. This vulnerability allows authenticated attackers with administrative rights to inject malicious scripts into pages, which will then execute on the browsers of users accessing those compromised pages. It highlights significant security risks associated with insufficient validation and sanitization in web applications.
Affected Version(s)
Chained Quiz * <= 1.3.2.2