Approved changes feed: RSS · Atom

cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorKibokolabs (94c96222-e91f-5c0c-83ed-9f4ab2c7eef0)
ProductWatu Quiz (9b790698-3509-50e1-8e80-8c6a804895d1)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/wp-plugins/watu purl2cpe 2026-06-01 10:12:20.616883

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-46242 vulnerable 2026-06-08 07:25:11.369191 WordPress Watu Quiz plugin <= 3.4.3 - SQL Injection Vulnerability
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.3.
Published: 2025-04-22T09:53:28.836Z
Updated: 2026-04-28T16:12:36.802Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-30844 vulnerable 2026-06-08 07:17:01.912594 WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
Published: 2025-04-01T20:58:07.310Z
Updated: 2026-04-28T16:11:58.609Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-53792 vulnerable 2026-06-08 06:54:15.527441 WordPress Watu Quiz plugin <= 3.4.1.2 - SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.1.2.
Published: 2024-12-02T13:48:25.793Z
Updated: 2026-05-11T22:16:57.999Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2640 vulnerable 2026-06-08 06:33:31.709038 Watu Quiz < 3.4.1.2 - Author+ Stored XSS
The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Published: 2024-07-12T06:00:05.185Z
Updated: 2024-08-01T19:18:48.172Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0873 vulnerable 2026-06-08 06:22:03.044150 Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-04-09T18:59:19.561Z
Updated: 2026-04-08T17:20:18.826Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0872 vulnerable 2026-06-08 06:22:03.043688 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-30483 vulnerable 2026-06-08 06:04:39.638666 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25022 vulnerable 2026-06-08 05:56:08.400315 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0968 vulnerable 2026-06-08 05:52:33.550438 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0429 vulnerable 2026-06-08 05:52:04.937011 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0428 vulnerable 2026-06-08 05:52:04.936368 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-10111 vulnerable 2026-06-08 05:06:24.698570 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.