Stored Cross-Site Scripting Vulnerability in Easy Quiz Maker Plugin for WordPress
CVE-2024-13456
5.4MEDIUM
What is CVE-2024-13456?
The Easy Quiz Maker plugin for WordPress allows for Stored Cross-Site Scripting due to inadequate sanitization and escaping of user inputs specifically in the 'wqt-question' shortcode. This vulnerability affects all versions up to and including 2.0, enabling attackers with contributor-level access or higher to execute malicious scripts on pages visited by users, potentially compromising sensitive information and the overall security of the website.
Affected Version(s)
Easy Quiz Maker * <= 2.0