CVE-2021-24706

CVE-2021-24706: Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

Vendor Unknown
Product Qwizcards – online quizzes and flashcards
Weakness CWE-79 · XSS
Published November 8, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

November 8, 2021 CVE published
August 3, 2024 Record updated