- Description
- The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
New post from https://t.co/uXvPWJy6tj (CVE-2024-10636 | AYS Pro Plugins Quiz Maker Business, Developer, and Agency Plugin up to 21.8.0 on WordPress content cross site scripting) has been published on https://t.co/EDSuAL607n
@WolfgangSesin
26 Jan 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10636 Reflected XSS Vulnerability in WordPress Quiz Maker Plugins https://t.co/oqypBPnJob
@VulmonFeeds
26 Jan 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10636 The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to… https://t.co/eCCHgHB18O
@CVEnew
26 Jan 2025
710 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A CVE of mine CVE-2024-10636 (CVSS:3.1 6.1 Medium) has been released today. Full disclosure exclusively on my blog https://t.co/Z46zGduZ0M, at a later date in a larger series. You can read more about it at the link below https://t.co/9emgaInCoF
@theabrahack
25 Jan 2025
111 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes