This vulnerability, identified as CWE-79, involves improper neutralization of input during web page generation in the Quiz And Survey Master plugin by ExpressTech. It allows unauthenticated attackers to inject malicious scripts (XSS) in affected versions up to 11.0.0. The CVSS 3.1 base score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. The impact includes limited confidentiality, integrity, and availability impacts. No official patch or remediation level has been provided yet, and no known exploits are reported in the wild.

Successful exploitation of this vulnerability can allow an unauthenticated attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability to a limited extent.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor for vendor updates and apply patches once available. Until then, consider applying temporary mitigations such as input validation or web application firewall rules to detect and block malicious payloads related to XSS.