Vulnerabilities > Mtouch Quiz Project

DATE CVE VULNERABILITY TITLE RISK
2022-08-08 CVE-2022-2410 Unspecified vulnerability in Mtouch Quiz Project Mtouch Quiz
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
mtouch-quiz-project
4.8
2019-09-20 CVE-2015-9389 Cross-site Scripting vulnerability in Mtouch Quiz Project Mtouch Quiz
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.
network
low complexity
mtouch-quiz-project CWE-79
5.4
2019-09-20 CVE-2015-9388 Cross-Site Request Forgery (CSRF) vulnerability in Mtouch Quiz Project Mtouch Quiz
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
network
low complexity
mtouch-quiz-project CWE-352
6.5
2019-09-20 CVE-2015-9387 Cross-Site Request Forgery (CSRF) vulnerability in Mtouch Quiz Project Mtouch Quiz
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
network
low complexity
mtouch-quiz-project CWE-352
6.5
2019-09-20 CVE-2015-9386 Cross-site Scripting vulnerability in Mtouch Quiz Project Mtouch Quiz
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.
network
low complexity
mtouch-quiz-project CWE-79
6.1