CVE-2021-36867: WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress, exploitable by users with contributor or higher user rights.
wp-testing
Software: Psychological tests & quizzes
Vulnerable Versions: <= 0.21.19
Fixed in version:
CVE: CVE-2021-36867
References:
Credits:
Classification: Cross Site Scripting (XSS)
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Disclosure Date: 2022-04-26
CVSS 3.0 score:
Requires contributor or higher role user authentication.
Plugin does not exist, is not supported or discontinued.
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Psychological tests & quizzes plugin (versions <= 0.21.19).
Solution
No patched version.