XSS in Prasunsen Watu Quiz

CVE-2025-11238

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" opt…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (14.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-11238?
CVE-2025-11238 is a high-severity vulnerability in Prasunsen Watu Quiz, classified under Cross-site Scripting. CVSS score: 7.2/10. Published 2025-10-25.
How severe is CVE-2025-11238?
High severity. CVSS v3 base score is 7.2 out of 10.