Key Information

Vulnerability name:
- Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 Stored XSS

Severity:
- Medium

Date:
- January 16, 2026

Affected versions:
- Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25

CVE ID:
- CVE-2019-25297

CVE name:
- CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CVSS score:
- 4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

References:
- Plugin Vulnerabilities Disclosure w/ Exploitation Evidence & PoC
- WPScan Advisory w/ Exploitation Acknowledgement
- WP Changeset Patch
- Wordfence Advisory
- Acunetix Advisory
- Poll, Survey & Quiz Maker WP Page

Description:
- The Poll, Survey & Quiz Maker Plugin by Opinion Stage for WordPress contains a stored cross-site scripting (XSS) vulnerability in versions before 19.6.25. Arbitrary script content can be injected through multiple parameters and executes when a victim views an affected page. The vulnerability is caused by insufficient input validation and improper output escaping.