CVE-2021-36864: 
WordPress vulnerability analysis and mitigation

CVE-2021-36864 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the ExpressTech Quiz And Survey Master WordPress plugin versions 7.3.4 and below. The vulnerability was discovered in 2021 and affects users with editor or higher privileges (NVD, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received varying CVSS scores: NIST assigned a base score of 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack rated it at 3.4 (LOW) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N. The issue stems from the plugin's failure to properly sanitize and escape a parameter before outputting it back in the page (WPScan).

The vulnerability could allow authenticated users with editor or higher privileges to inject malicious scripts into the website. When executed, these scripts could potentially lead to unauthorized actions being performed in the context of other users viewing the affected pages (Patchstack).

The vulnerability has been patched in version 7.3.5 of the Quiz And Survey Master plugin. Users are advised to update to this version or later to resolve the security issue (WPScan).