Kibokolabs

Chained Quiz

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2025-24701

  • EPSS 0.21%
  • Veröffentlicht 24.01.2025 18:15:43
  • Zuletzt bearbeitet 24.01.2025 18:15:43

Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery. This issue affects Chained Quiz: from n/a through 1.3.2.9.

5.3

CVE-2024-37921

  • EPSS 0.18%
  • Veröffentlicht 01.11.2024 15:15:29
  • Zuletzt bearbeitet 01.11.2024 20:24:53

Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.

4.8

CVE-2024-37446

  • EPSS 0.11%
  • Veröffentlicht 21.07.2024 23:15:02
  • Zuletzt bearbeitet 21.11.2024 09:23:51

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8.

4.8

CVE-2023-25027

  • EPSS 0.08%
  • Veröffentlicht 07.04.2023 11:15:07
  • Zuletzt bearbeitet 21.11.2024 07:48:57

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.

4.3

CVE-2022-4220

Exploit
  • EPSS 0.13%
  • Veröffentlicht 02.12.2022 21:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:49

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attacker...

4.3

CVE-2022-4219

Exploit
  • EPSS 0.13%
  • Veröffentlicht 02.12.2022 21:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:48

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to del...

4.3

CVE-2022-4218

Exploit
  • EPSS 0.18%
  • Veröffentlicht 02.12.2022 21:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:48

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers ...

6.1

CVE-2022-4214

Exploit
  • EPSS 1.81%
  • Veröffentlicht 02.12.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:34:48

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This mak...

4.8

CVE-2022-4217

Exploit
  • EPSS 0.75%
  • Veröffentlicht 02.12.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:34:48

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authentica...

4.8

CVE-2022-4216

Exploit
  • EPSS 0.69%
  • Veröffentlicht 02.12.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:34:48

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for aut...