CVE-2022-4032: XSS
First published: Tue Nov 29 2022(Updated: )
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Expresstech Quiz And Survey Master | <=8.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-4032?
CVE-2022-4032 is a vulnerability in the Quiz and Survey Master plugin for WordPress that allows for iFrame Injection via the 'question[id]' parameter.
What is the severity of CVE-2022-4032?
The severity of CVE-2022-4032 is high with a CVSS score of 6.1.
How does CVE-2022-4032 affect the Quiz and Survey Master plugin?
CVE-2022-4032 affects the Quiz and Survey Master plugin by allowing unauthenticated attackers to inject iframe tags via the 'question[id]' parameter.
How can CVE-2022-4032 be exploited?
CVE-2022-4032 can be exploited by submitting malicious input via the 'question[id]' parameter and injecting iframe tags.
Is there a fix for CVE-2022-4032?
Yes, upgrading to version 8.0.5 or later of the Quiz and Survey Master plugin fixes CVE-2022-4032.
- collector/nvd-index
- vendor/expresstech
- canonical/expresstech quiz and survey master
- version/expresstech quiz and survey master/8.0.4