CVE-2024-10636
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-10636 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Quiz Maker plugins for WordPress, including Business (version 8.8.0 and below), Developer (version 21.8.0 and below), and Agency (version 31.8.0 and below). The vulnerability stems from insufficient input sanitization and output escaping of the 'content' parameter. As a result, unauthenticated attackers can inject arbitrary web scripts that execute when a user is tricked into performing an action such as clicking on a link. This poses a significant risk for websites using these plugins and highlights the importance of keeping WordPress installations up to date with security patches.