CVE-2023-3575

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

T

he Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

References

Link	Resource
https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112	Exploit Third Party Advisory
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins	Exploit
https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112	Exploit Third Party Advisory
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:17

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112 - Exploit, Third Party Advisory
References	~~() https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins - Exploit~~	() https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins - Exploit

Information

Published : 2023-08-07 15:15

Updated : 2025-04-23 17:16

NVD link : CVE-2023-3575

Mitre link : CVE-2023-3575

CVE.ORG link : CVE-2023-3575

JSON object : View

Products Affected

expresstech

quiz_and_survey_master

CWE

No CWE.

{"id": "CVE-2023-3575", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-08-07T15:15:11.460", "references": [{"url": "https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks"}], "lastModified": "2025-04-23T17:16:38.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9032352D-91A9-4520-9F2A-DB5BA233235A", "versionEndExcluding": "8.1.11"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}