Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mtouch_quiz_project:mtouch_quiz:1.05:*:*:*:*:wordpress:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-2410 |
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) Published: August 08, 2022; 10:15:09 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2015-9389 |
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2015-9388 |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. Published: September 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-9387 |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. Published: September 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-9386 |
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. Published: September 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-100023 |
Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php. Published: January 13, 2015; 10:59:12 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-100022 |
SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. Published: January 13, 2015; 10:59:11 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |