CVE-2021-24368: 
WordPress vulnerability analysis and mitigation

The Quiz And Survey Master WordPress plugin before version 7.1.18 contained a reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24368. The vulnerability was discovered and publicly disclosed on June 3, 2021. The issue affected the Quiz And Survey Master plugin, also known as quiz-master-next, which is a popular quiz and survey creation tool for WordPress websites (WPScan).

The vulnerability stemmed from improper sanitization and escaping of the resultid parameter when displaying existing quiz result pages. The issue was classified as CWE-79 and received a CVSS v3.1 score of 6.1 (MEDIUM). The vulnerability could be exploited through the wphead action, requiring only the manipulation of the result_id parameter without needing to access the quiz page directly (WPScan, NVD).

The exploitation of this vulnerability could lead to privilege escalation by tricking logged-in administrators into opening malicious links. This could potentially allow attackers to execute arbitrary HTML and JavaScript code in the context of the administrator's browser session (WPScan).

The vulnerability was fixed in version 7.1.18 of the Quiz And Survey Master plugin. Website administrators using affected versions were advised to update to the latest version immediately to mitigate the risk (WPScan).