CVE-2023-3575

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112	Exploit Third Party Advisory
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins	Exploit
https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112	Exploit Third Party Advisory
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2023-08-07 15:15

Updated : 2025-04-23 17:16

NVD link : CVE-2023-3575

Mitre link : CVE-2023-3575

CVE.ORG link : CVE-2023-3575

JSON object : View

Products Affected

expresstech

quiz_and_survey_master

CWE

No CWE.

{"id": "CVE-2023-3575", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-08-07T15:15:11.460", "references": [{"url": "https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins", "tags": ["Exploit"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks"}], "lastModified": "2025-04-23T17:16:38.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9032352D-91A9-4520-9F2A-DB5BA233235A", "versionEndExcluding": "8.1.11"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}