vendor:
Quizlord
by:
Renos Nikolaou
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Quizlord
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:wordpress:quizlord:2.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Kali Linux
2018
WordPress Plugin Quizlord 2.0 – Cross-Site Scripting
Quizlord is prone to Stored Cross Site Scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting malicious JavaScript code in the 'title' parameter of the 'ql_insert' action. The malicious code will be executed when a user visits the page containing the shortcode [quizlord id='#'].
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
