All posts
Critical
Low
Medium

CVE-2025-11238

Alias:

Overview

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated at...

Critical
Low
Medium
No items found.

Severity / CVSS Score:  (Critical)

CWE:

Discovery date: October 25, 2025

Authentication required: NoneYes

Attack Vector: None

Affected Components

Kodem Deep Dive

Previous Post
Next Post

Stop the waste.
Protect your environment with Kodem.

Get a personalized demo
Get a personalized demo