Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE CVE-2024-10636
CVSS Medium (6.1)
Publicly Published January 25, 2025
Last Updated March 12, 2025
Researcher abrahack
Description

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: The three variations of this software (Business, Developer, and Agency) share the same plugin slug, so you may get an alert even if you are running the latest version of any of the pieces of software. In these cases it is safe to dismiss the notice once you've confirmed your site is on a patched version of the applicable software.

References

3 affected software package

Software Type Plugin
Software Slug quiz-maker (view on wordpress.org)
Patched? Yes
Affected Version
  • 20.0.0 - 21.8.0
Patched Version
  • 21.8.0.100
Software Type Plugin
Software Slug quiz-maker (view on wordpress.org)
Patched? Yes
Affected Version
  • 7.0.0 - 8.8.0
Patched Version
  • 8.8.0.100
Software Type Plugin
Software Slug quiz-maker (view on wordpress.org)
Patched? Yes
Affected Version
  • 30.0.0 - 31.8.0
Patched Version
  • 31.8.0.100
This record contains material that is subject to copyright

Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. License Detail.