XSS in Prasunsen Watu Quiz
CVE-2025-11238
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" opt…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (14.1th percentile).
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.
Affected products
- Prasunsen Watu Quiz — versions 0
Frequently asked questions
- What is CVE-2025-11238?
- CVE-2025-11238 is a high-severity vulnerability in Prasunsen Watu Quiz, classified under Cross-site Scripting. CVSS score: 7.2/10. Published 2025-10-25.
- How severe is CVE-2025-11238?
- High severity. CVSS v3 base score is 7.2 out of 10.