CVE-2023-0968

MEDIUM NUCLEI

Kibokolabs Watu Quiz < 3.3.9 - XSS

Title source: rule

Description

The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Nuclei Templates (1)

WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53

References (4)

Scores

CVSS v3 6.1
EPSS 0.1400
EPSS Percentile 94.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
kibokolabs/watu_quiz < 3.3.9
prasunsen/Watu Quiz < 3.3.9
Published Mar 03, 2023
Tracked Since Feb 18, 2026