Medium severity6.1NVD Advisory· Published Dec 13, 2019· Updated Jun 17, 2026
CVE-2019-17599
CVE-2019-17599
Description
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <6.3.5
- Range: <6.3.5
Patches
Vulnerability mechanics
References
4- github.com/QuizandSurveyMaster/quiz_master_next/issues/795nvdExploitThird Party Advisory
- wpvulndb.com/vulnerabilities/9977nvdExploitThird Party Advisory
- github.com/QuizandSurveyMaster/quiz_master_next/pull/796nvdThird Party Advisory
- wordpress.org/plugins/quiz-master-next/nvdRelease Notes
News mentions
0No linked articles in our index yet.