Impact
An unauthenticated Cross‑Site Scripting flaw exists in WordPress Quiz And Survey Master plugin versions 11.0.0 and earlier, allowing an attacker to inject arbitrary client‑side code into the plugin’s output. The impact is limited to the browser of any user who loads the vulnerable content; this conclusion is inferred from the nature of XSS and is not explicitly stated in the description.
Affected Systems
The flaw affects the ExpressTech WordPress Quiz And Survey Master plugin running versions 11.0.0 or earlier. No other products or versions are mentioned as vulnerable.
Risk and Exploitability
The vulnerability carries a CVSS score of 7.1, indicating medium‑to‑high severity, and an EPSS score of less than 1 %, indicating a low probability of exploitation at this time. The issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an unauthenticated HTTP request to the plugin’s publicly accessible interface where malicious payloads can be injected.
OpenCVE Enrichment