CVE-2021-36867: WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress, exploitable by users with contributor or higher user rights.

wp-testing

Software: Psychological tests & quizzes
Vulnerable Versions: <= 0.21.19

Fixed in version

CVE: CVE-2021-36867

Classification: Cross Site Scripting (XSS)
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Disclosure Date: 2022-04-26

CVSS 3.0 score

Requires contributor or higher role user authentication.

Plugin does not exist, is not supported, or is discontinued.

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Psychological tests & quizzes plugin (versions <= 0.21.19).

Solution

No patched version.
