24 Sep

Our Plugin Security Checker Identified a Reflected XSS Vulnerability in Quiz And Survey Master

Recently the plugin Quiz And Survey Master, which has 20,000+ active installs according to wordpress.org, was run through our Plugin Security Checker tool and as part of our continued focus on improving the results produced by the tool we happened to take a look at some of the possible issues identified in it. One of those possible issues was reflected cross-site scripting (XSS) vulnerability in the plugin due to user input being directly output without any escaping.

Looking at the underlying code for the identified issue, which is available to users of our service through the tool’s Developer Mode, it certainly looked like the identification was correct and that there was likely be a vulnerability due to user input being output without being escaped: [Read more]