CVE-2025-46482: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was identified in MyThemeShop's WP Quiz WordPress plugin, tracked as CVE-2025-46482. The vulnerability affects versions through 2.0.10 of the WP Quiz plugin and was discovered by security researcher muhammad yudha. The issue was publicly disclosed on April 25, 2025 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges or higher to exploit (Patchstack).

This vulnerability could allow an authenticated attacker to inject malicious scripts into the website. When executed, these scripts could potentially lead to unauthorized actions such as redirects, insertion of unwanted advertisements, and execution of other malicious HTML payloads that would affect visitors to the affected site (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. Website administrators running affected versions of the WP Quiz plugin should consider implementing additional security controls or temporarily disabling the plugin until a patch becomes available (Patchstack).