CVE-2025-14579

Severity
4.8 MEDIUM
EPSS
0.0%
top 98.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 12

Description

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 | Impact: 2.7

Affected Packages: 1 package

CVEListV5: unknown/quiz_maker < 6.7.0.89

🔴Vulnerability Details

2
GHSA
GHSA-m3m3-pp28-9hrp: The Quiz Maker WordPress plugin before 6 | 2026-01-12
CVEList
Quiz Maker < 6.7.0.89 - Admin+ Stored XSS | 2026-01-12

🕵️Threat Intelligence

1
Wiz
CVE-2025-14579 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-14579 (MEDIUM CVSS 4.8) | The Quiz Maker WordPress plugin bef | cvebase.io