CVE-2023-0968 (WordPress)
The Watu Quiz WordPress plugin versions prior to 3.3.9.1 contained a Reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2023-0968. The vulnerability was discovered by security researcher Marco Wotschka and publicly disclosed on March 3, 2023. The issue stemmed from insufficient input sanitization and output escaping in the plugin's functionality (WPScan).
The vulnerability exists due to improper sanitization and escaping of several parameters including email, dn, date, and points before they are output back to the page. The CVSS score for this vulnerability ranges from 6.1 (Medium) to 7.5 (High), with the CVSS vector being CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (Wordfence Report).
The vulnerability could be exploited by unauthenticated attackers to inject arbitrary web scripts, potentially affecting high-privilege users such as administrators. When successfully exploited, the vulnerability could lead to the execution of malicious JavaScript code in the context of the targeted user's browser session (WPScan).
The vulnerability has been patched in version 3.3.9.1 of the Watu Quiz plugin. Website administrators are strongly advised to update to this version or later to protect against potential XSS attacks (Wordfence Report).
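For sites that were running a version before 3.3.9.1, web server access logs can be reviewed for requests that carried markup in the affected parameters. The following is an added example, not code from the plugin, WPScan or Wordfence: it scans combined-format log lines for the `email`, `dn`, `date` and `points` query parameters named above. The markup heuristic, the `/quiz/` path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory names as reflected without escaping.
WATCHED = {"email", "dn", "date", "points"}
# Heuristic (assumption): characters and patterns that close an HTML
# tag or attribute, which none of these values legitimately need.
MARKUP = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
# Combined log format: client address, then "METHOD target PROTOCOL".
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

def decode(value, rounds=2):
    """Undo extra layers of percent-encoding (parse_qsl removed the first)."""
    for _ in range(rounds):
        once = unquote(value)
        if once == value:
            break
        value = once
    return value

def suspicious_params(target):
    """Names of watched query parameters whose decoded value holds markup."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted({n for n, v in pairs if n in WATCHED and MARKUP.search(decode(v))})

def scan(lines):
    """Return (client, path, parameter names) for each flagged request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, target = m.groups()
        hits = suspicious_params(target)
        if hits:
            findings.append((client, urlsplit(target).path, hits))
    return findings

# Constructed sample lines; /quiz/ is a placeholder path, not the plugin's.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Mar/2023:10:00:01 +0000] "GET /quiz/?email=a%40example.org&points=7 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [03/Mar/2023:10:00:09 +0000] "GET /quiz/?dn=%3Cscript%3Ex%3C%2Fscript%3E&date=2023-03-03 HTTP/1.1" 200 5301',
    '198.51.100.23 - - [03/Mar/2023:10:00:12 +0000] "GET /quiz/?points=%2522%253E%253Csvg HTTP/1.1" 200 5288',
    '192.0.2.50 - - [03/Mar/2023:10:01:40 +0000] "GET /quiz/?q=%3Cb%3E HTTP/1.1" 200 4990',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A match shows only that such a request was received, not that a user loaded the reflected page, and parameters sent in a POST body do not appear in access logs.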