CNVD-2025-17159 — Vulnetix

CNVD-2025-17159 PUBLISHED CVSS 6.099999904632568 MEDIUM

WordPress Qwizcards plugin是WordPress平台的一款插件，主要用于创建在线quiz（问答测试）和flashcard（闪卡）内容。 WordPress Qwizcards plugin存在跨站脚本漏洞，该漏洞源于应用对用户提供的数据缺乏有效过滤与转义，攻击者可利用该漏洞通过注入精心设计的有效载荷执行任意Web脚本或HTML。

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Unknown	Qwizcards \| online quizzes and flashcards	0

Exploit Intelligence

https://wpscan.com/vulnerability/ff827f67-712e-4ab6-b6aa-7f5e6ff1283a/ (circl)
CIRCL seen: CVE-2025-6174 (circl-sighting)
CIRCL confirmed: CVE-2025-6174 (circl-sighting)
CIRCL seen: CVE-2025-6174 (circl-sighting)
CIRCL seen: CVE-2025-6174 (circl-sighting)
Nuclei Template: CVE-2025-6174 (nuclei-template)
Nuclei Template: CVE-2025-6174 (nuclei-template)

Timeline

Jul 23, 2025 CVE Published
Jul 23, 2025 PoC Published
Oct 27, 2025 PoC Published
Oct 27, 2025 PoC Published
Dec 2, 2025 PoC Published

References

https://wpscan.com/vulnerability/ff827f67-712e-4ab6-b6aa-7f5e6ff1283a/ exploit

Open in Interactive Console →