Description
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4. Insufficient input validation allows attackers to inject content other than the specified value (i.e. a number, file path, etc.). This makes it possible for attackers to submit values other than the intended input type.
CVSS breakdown
CVSS 3.1
- Availability: None
- Integrity: Low
- Confidentiality: None
- Scope: Unchanged
- User Interaction: None
- Privileges Required: None
- Attack Complexity: Low
- Attack Vector: Network
Affected products
References
- MISC: https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=cve
- MISC: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2801761%40quiz-master-next&new=2801761%40quiz-master-next&sfp_email=&sfph_mail=
- VENDOR_ADVISORY: https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033