Muhammad Zeeshan (Xib3rR4dAr)

Title	CVE ID	CVSS	Vector	Date
Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn	CVE-2022-4213	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf	CVE-2022-4209	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date	CVE-2022-4215	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf	CVE-2022-4212	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion	CVE-2022-4220	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 2, 2022
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key	CVE-2022-4217	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip	CVE-2022-4214	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID	CVE-2022-4216	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf	CVE-2022-4211	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef	CVE-2022-4208	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying	CVE-2022-4218	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf	CVE-2022-4210	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion	CVE-2022-4219	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 2, 2022
SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion	CVE-2022-3227	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	September 15, 2022
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read	CVE-2022-2943	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	August 22, 2022
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal	CVE-2022-2945	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	August 22, 2022
Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting	CVE-2022-2515	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 22, 2022
Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID	CVE-2022-1961	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 31, 2022
RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection	CVE-2022-1768	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 17, 2022
Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure	CVE-2022-1442	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 23, 2022

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation