← Back

Mtouch Quiz Project

mtouch_quiz_project

7 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Mtouch Quiz
mtouch_quiz
7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-2410
1Mtouch Quiz Project
1Mtouch Quiz
Jun 17, 2026
Aug 8, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_ht...Show more
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2015-9389
1Mtouch Quiz Project
1Mtouch Quiz
Nov 21, 2024
Sep 20, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.
CVE-2015-9388
1Mtouch Quiz Project
1Mtouch Quiz
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
CVE-2015-9387
1Mtouch Quiz Project
1Mtouch Quiz
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
CVE-2015-9386
1Mtouch Quiz Project
1Mtouch Quiz
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.
CVE-2014-100023
1Mtouch Quiz Project
1Mtouch Quiz
May 6, 2026
Jan 13, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php.
CVE-2014-100022
1Mtouch Quiz Project
1Mtouch Quiz
May 6, 2026
Jan 13, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.