cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4216,https://securityvulnerability.io/vulnerability/CVE-2022-4216,Stored Cross-Site Scripting in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'facebook_appid' parameter due to inadequate input sanitization and output escaping procedures. This vulnerability allows authenticated attackers with administrative rights to inject malicious scripts into pages, which will then execute on the browsers of users accessing those compromised pages. It highlights significant security risks associated with insufficient validation and sanitization in web applications.",Wordpress,Chained Quiz,5.5,MEDIUM,0.0009399999980814755,false,,false,false,false,,false,false,2022-12-02T20:58:39.550Z,0
CVE-2022-4217,https://securityvulnerability.io/vulnerability/CVE-2022-4217,Stored Cross-Site Scripting Vulnerability in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) via the 'api_key' parameter. This vulnerability arises from inadequate input sanitization and output encoding, allowing authenticated attackers with admin privileges to inject arbitrary scripts. Such scripts may execute when users access compromised pages, which can lead to severe security threats, including data theft or session hijacking. Users of versions up to and including 1.3.2.2 should update immediately to mitigate risks associated with this vulnerability.",Wordpress,Chained Quiz,5.5,MEDIUM,0.0009399999980814755,false,,false,false,false,,false,false,2022-12-02T20:58:25.221Z,0
CVE-2022-4212,https://securityvulnerability.io/vulnerability/CVE-2022-4212,Reflected Cross-Site Scripting in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress suffers from a vulnerability that allows for Reflected Cross-Site Scripting through the 'ipf' parameter on the 'chainedquiz_list' page. This flaw arises from inadequate input sanitization and output escaping, enabling unauthenticated attackers to inject arbitrary scripts into web pages. If users interact with malicious links, their browsers may execute these scripts, leading to potential data theft or unauthorized actions on their behalf.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:29:12.966Z,0
CVE-2022-4211,https://securityvulnerability.io/vulnerability/CVE-2022-4211,Reflected Cross-Site Scripting in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit insufficient input sanitization in the 'emailf' parameter on the 'chainedquiz_list' page. By crafting a malicious link, an attacker can trick users into clicking it, which results in the execution of arbitrary web scripts on their browsers. This can lead to significant security risks, including data theft or malicious site interactions, emphasizing the importance of keeping plugins updated and employing stringent security practices.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:27:55.674Z,0
CVE-2022-4210,https://securityvulnerability.io/vulnerability/CVE-2022-4210,Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin,"The Chained Quiz plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability due to inadequate sanitization and escaping of the 'dnf' parameter in the 'chainedquiz_list' page. This flaw allows unauthenticated attackers to inject malicious scripts into web pages, which could execute in the browser of users who follow a deceptive link. Proper input validation and escaping practices are essential to mitigate this risk and protect users from potential attacks.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:26:45.548Z,0
CVE-2022-4209,https://securityvulnerability.io/vulnerability/CVE-2022-4209,Reflected Cross-Site Scripting in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to reflected cross-site scripting due to inadequate input sanitization for the 'pointsf' parameter on the 'chainedquiz_list' page. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts, potentially deceiving users into executing malicious actions simply by clicking on compromised links. Upgrading to the latest version of the plugin is crucial to mitigate this risk.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:25:57.704Z,0
CVE-2022-4208,https://securityvulnerability.io/vulnerability/CVE-2022-4208,Reflected Cross-Site Scripting Vulnerability in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability due to inadequate input sanitization and output escaping. This issue manifests through the 'datef' parameter on the 'chainedquiz_list' page. Attackers can exploit this vulnerability to inject malicious scripts into web pages, which may execute if an unsuspecting user engages with a compromised link. Proper measures are essential to mitigate risks associated with this vulnerability, especially for users running versions 1.3.2 and below.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:25:37.319Z,0
CVE-2022-4213,https://securityvulnerability.io/vulnerability/CVE-2022-4213,Reflected Cross-Site Scripting in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress contains a reflected cross-site scripting vulnerability due to inadequate input sanitization and output escaping in the 'dn' parameter on the 'chainedquiz_list' page. Attackers can exploit this flaw to inject arbitrary web scripts into pages that could execute if users are tricked into clicking deceptive links. This poses significant security risks for WordPress installations running this plugin, especially in versions up to and including 1.3.2.2.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2022-12-02T20:19:08.928Z,0
CVE-2022-4214,https://securityvulnerability.io/vulnerability/CVE-2022-4214,Reflected Cross-Site Scripting in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to reflected cross-site scripting due to inadequate input sanitization and output escaping. Exploitation occurs through the 'ip' parameter on the 'chainedquiz_list' page in versions up to and including 1.3.2.3. This vulnerability enables unauthenticated attackers to inject malicious web scripts into pages, potentially deceiving users into executing these scripts by clicking on malicious links.",Wordpress,Chained Quiz,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,false,false,2022-12-02T20:17:20.632Z,0
CVE-2022-4215,https://securityvulnerability.io/vulnerability/CVE-2022-4215,Reflected Cross-Site Scripting Vulnerability in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress suffers from a Reflected Cross-Site Scripting flaw, primarily affecting the 'date' parameter on the 'chainedquiz_list' page. This issue arises from inadequate input sanitization and output escaping in versions up to and including 1.3.2.3. Consequently, unauthenticated attackers can exploit this vulnerability to inject malicious scripts into web pages. If a user is tricked into interacting with a crafted link, the injected scripts could execute in their browser context, potentially compromising user data or account security.",Wordpress,Chained Quiz,6.1,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:15:45.531Z,0
CVE-2022-4220,https://securityvulnerability.io/vulnerability/CVE-2022-4220,Cross-Site Request Forgery in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress contains a Cross-Site Request Forgery vulnerability due to the absence of nonce validation in the list_questions() function. This weakness allows unauthenticated attackers to manipulate quiz content by tricking administrators into executing malicious link actions, potentially leading to unauthorized deletion of questions from quizzes.",Wordpress,Chained Quiz,5.4,MEDIUM,0.0013800000306218863,false,,false,false,false,,false,false,2022-12-02T20:11:13.243Z,0
CVE-2022-4219,https://securityvulnerability.io/vulnerability/CVE-2022-4219,Cross-Site Request Forgery Vulnerability in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF), affecting all versions up to and including 1.3.2.4. The vulnerability arises from the absence of nonce validation in the manage() function, which allows unauthenticated attackers to exploit this weakness. By tricking a site administrator into clicking a malicious link, the attacker could initiate unauthorized actions, such as deleting submitted quiz responses, posing a significant risk to the integrity of user-submitted data.",Wordpress,Chained Quiz,5.4,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:10:31.387Z,0
CVE-2022-4218,https://securityvulnerability.io/vulnerability/CVE-2022-4218,Cross-Site Request Forgery in Chained Quiz Plugin for WordPress,"The Chained Quiz plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the list_quizzes() function. This vulnerability allows unauthenticated attackers to manipulate quizzes on a site by tricking the site administrator into executing actions, such as clicking a malicious link. Versions of the plugin up to and including 1.3.2.4 are affected, potentially leading to unauthorized quiz deletions or duplications without the admin's consent.",Wordpress,Chained Quiz,5.4,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2022-12-02T20:10:04.021Z,0
CVE-2021-24690,https://securityvulnerability.io/vulnerability/CVE-2021-24690,Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting,The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.,Wordpress,Chained Quiz,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-11T10:45:41.000Z,0
CVE-2018-14502,https://securityvulnerability.io/vulnerability/CVE-2018-14502,,controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.,Wordpress,Chained Quiz,9.8,CRITICAL,0.013209999538958073,false,,false,false,false,,false,false,2020-03-10T12:45:15.000Z,0
CVE-2020-7104,https://securityvulnerability.io/vulnerability/CVE-2020-7104,,The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.,Wordpress,Chained Quiz,6.1,MEDIUM,0.0013000000035390258,false,,false,false,false,,false,false,2020-01-17T22:10:48.000Z,0
CVE-2016-10892,https://securityvulnerability.io/vulnerability/CVE-2016-10892,,The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.,Wordpress,Chained Quiz,6.1,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2019-08-20T15:03:04.000Z,0