ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Quiz And Survey Master plugin <= 6.2.1 - Authenticated Cross-Site Scripting (XSS) vulnerability

Product
Quiz And Survey Master
Description
Authenticated Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Quiz And Survey Master plugin (versions <= 6.2.1).
Solution
12 March 2019 - plugin disabled in WordPress plugin repository, but changelog available for the patched version 6.2.2
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2019-9575
Versions
Affected In <= 6.2.1
Fixed In 6.2.2
Disclosure date
2019-03-12
Credits
Tim Coen
Submitter
ThreatPress