Reflected Cross-Site Scripting Vulnerability in Quiz Maker Plugins for WordPress
CVE-2024-10636

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Quiz Maker Developer; Quiz Maker Agency; Quiz Maker Business
Vendor: CVE Published:; 26 January 2025

What is CVE-2024-10636?

The Quiz Maker plugins for WordPress, including the Business, Developer, and Agency versions, are susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject malicious web scripts into pages. The scripts execute when users are tricked into clicking on a manipulated link, posing severe security risks to website users.

Affected Version(s)

Quiz Maker Agency * <= 31.8.0

Quiz Maker Business * <= 8.8.0

Quiz Maker Developer * <= 21.8.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://ays-pro.com/wordpress/quiz-maker

https://ays-pro.com/changelog-for-quiz-maker-pro

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2025

Credit

abrahack