CVE-2024-2640

The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:10

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/d46db635-9d84-4268-a789-406a0db4cccf/ - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/d46db635-9d84-4268-a789-406a0db4cccf/ - Exploit, Third Party Advisory

24 Jul 2024, 20:04

Type Values Removed Values Added
First Time Kibokolabs
Kibokolabs watu Quiz
References () https://wpscan.com/vulnerability/d46db635-9d84-4268-a789-406a0db4cccf/ - () https://wpscan.com/vulnerability/d46db635-9d84-4268-a789-406a0db4cccf/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-79
CPE cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*

12 Jul 2024, 12:49

Type Values Removed Values Added
Summary
  • (es) El complemento Watu Quiz para WordPress anterior a 3.4.1.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios como autores (si han sido autorizados por los administradores) realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no está permitida.

12 Jul 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-12 06:15

Updated : 2024-11-21 09:10


NVD link : CVE-2024-2640

Mitre link : CVE-2024-2640

CVE.ORG link : CVE-2024-2640


JSON object : View

Products Affected

kibokolabs

  • watu_quiz
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')