CVE-2022-0180

Description

Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.

Affected products

• expresstech / Quiz And Survey Masterversions prior to 7.3.7 – versions prior to 7.3.7

References

• MISChttps://quizandsurveymaster.com/
• MISChttps://wordpress.org/plugins/quiz-master-next/
• MISChttps://jvn.jp/en/jp/JVN72788165/index.html