VYPR

slickquiz

by WordPress

CVEs (2)

  • CVE-2019-12516HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.02

    The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.

  • CVE-2019-12517MedSep 13, 2019
    risk 0.40cvss 6.1epss 0.01

    An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later…