CVE-2025-6174 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-6174 PUBLISHED CVSS 9.300000190734863 CRITICAL

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user.

EPSS 0.92% · 75.8th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.92%

75.8th percentile

Affected Products

Vendor	Product	Versions
Unknown	Qwizcards \| online quizzes and flashcards	0, 0

Timeline

Feb 27, 2022 CrowdSec Sighting
Dec 10, 2022 CrowdSec Sighting
Aug 15, 2023 CrowdSec Sighting
Jun 1, 2024 CrowdSec Sighting
Apr 17, 2025 CrowdSec Sighting
May 22, 2025 CrowdSec Sighting
May 22, 2025 CrowdSec Sighting
Jul 23, 2025 EPSS Score
Jul 23, 2025 Coalition ESS Score
Jul 23, 2025 CVE Published
Jul 23, 2025 PoC Published
Jul 23, 2025 CVE Updated

References

Open in Interactive Console →