Headline
CVE-2022-40698: WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability - Patchstack
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Verified
Fixed
4.7
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 7.3.10
PSID
193de4e964ae
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
If “Require User Login” is set to “No” , the XSS will be unauth. If not it will need subscriber role user.
Publicly disclosed
2022-10-21
Details
Cross-Site Scripting (XSS) vulnerability discovered by Thura Moe Myint (Patchstack Alliance) in WordPress Quiz And Survey Master plugin (versions <= 7.3.10).
Solution
Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.11).
References