CVE-2021-20792: 
WordPress vulnerability analysis and mitigation

Cross-site scripting (XSS) vulnerability was discovered in Quiz And Survey Master WordPress plugin versions prior to 7.1.14. The vulnerability was identified in August 2021 and affected the plugin's handling of URL query parameters. This security flaw could allow remote attackers to inject arbitrary script via unspecified vectors (JVN Report, NVD).

The vulnerability exists due to improper handling of the 's' and 'paged' GET parameters in the plugin's admin interface. These parameters were not properly sanitized or escaped before being output in attributes, which could lead to Reflected Cross-Site Scripting issues. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) (WPScan, JVN Report).

If exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of a user's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the authenticated user (JVN Report).

The vulnerability was patched in version 7.1.14 of the Quiz And Survey Master plugin. The fix includes proper sanitization of the 's' parameter using htmlspecialchars() function. Users are strongly advised to update to version 7.1.14 or later to protect against this vulnerability (WordPress Plugin).