Headline

CVE-2021-36867: WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #wordpress #auth

wp-testing

Software

Psychological tests & quizzes

Vulnerable Versions

<= 0.21.19

Fixed in version

CVE

CVE-2021-36867

References

Credits

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2022-04-26

CVSS 3.0 score

Requires contributor or higher role user authentication.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Psychological tests & quizzes plugin (versions <= 0.21.19).

Solution

No patched version.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.