Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-06	CVE-2023-24383	Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS Auth. network low complexity kibokolabs CWE-79	4.8
2023-03-13	CVE-2023-0844	Unspecified vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). network low complexity kibokolabs	4.8
2023-03-03	CVE-2023-0968	Unspecified vulnerability in Kibokolabs Watu Quiz The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. network low complexity kibokolabs	6.1
2023-02-27	CVE-2023-0543	Unspecified vulnerability in Kibokolabs Arigato Autoresponder and Newsletter The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. network low complexity kibokolabs	4.8
2023-02-27	CVE-2023-0548	Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). network low complexity kibokolabs CWE-79	4.8
2023-02-21	CVE-2023-0428	Cross-site Scripting vulnerability in Kibokolabs Watu Quiz The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. network low complexity kibokolabs CWE-79	6.1
2023-02-21	CVE-2023-0429	Unspecified vulnerability in Kibokolabs Watu Quiz The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). network low complexity kibokolabs	4.8
2022-12-02	CVE-2022-4208	Unspecified vulnerability in Kibokolabs Chained Quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. network low complexity kibokolabs	6.1
2022-12-02	CVE-2022-4209	Unspecified vulnerability in Kibokolabs Chained Quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. network low complexity kibokolabs	6.1
2022-12-02	CVE-2022-4210	Unspecified vulnerability in Kibokolabs Chained Quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. network low complexity kibokolabs	6.1