vulnerability

WordPress Plugin: quiz-master-next: CVE-2021-24368: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Try Surface Command
Back to search
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jun 3, 2021
Added
May 15, 2025
Modified
Jun 24, 2025

Description

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link

Solution

quiz-master-next-plugin-cve-2021-24368

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today