CVE-2025-6174

CVE-2025-6174: WordPress Qwizcards <= 3.9.4 - Reflected XSS

Vendor Unknown
Product Qwizcards | online quizzes and flashcards
Published July 23, 2025
Last update July 23, 2025

CVSS base score

What the vulnerability does

01Description

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user.

Key dates

02Disclosure timeline

July 23, 2025 CVE published
July 23, 2025 Record updated