HD Quiz <= 1.8.3 is vulnerable to Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Subscriber

Published
2021-07-25

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24571

CVSS

Score:5.4

Severity:Medium

Version: 1.8.3

There is a patch available in v1.8.4 and we strongly recommend you update to this version as soon as possible.