cleantalk
Vulnerabilities and Security Researches

Quiz Maker, CVE-2024-10636

CVE, Research URL

CVE-2024-10636

Home page URL

Security reports for Quiz Maker

Application

Quiz Maker

Published on
Jan 26, 2025
Research Description
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 6.4.0.0.
Status
vulnerable
Previous vulnerability researches
Quiz Maker (CVE-2021-24456) , Jun 06, 2024
Quiz Maker (CVE-2024-10633) , Jan 29, 2025
Quiz Maker (CVE-2023-23985) , Jun 06, 2024
Quiz Maker (CVE-2023-6155) , Jun 06, 2024
Quiz Maker (CVE-2023-6166) , Jun 06, 2024
New vulnerability
Advanced Custom Fields: Link Picker Field (CVE-2025-26746) , Apr 15, 2025
Nepali Date Converter (CVE-2025-26950) , Apr 15, 2025
DSGVO Youtube (CVE-2025-26982) , Apr 15, 2025
WP Easy Poll (CVE-2025-32562) , Apr 15, 2025
License Manager for WooCommerce (CVE-2025-32522) , Apr 14, 2025