First published: Tue Nov 29 2022
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Expresstech Quiz And Survey Master | <=8.0.4 | Upgrade to 8.0.5 or later |
CVE-2022-4032 is a vulnerability in the Quiz and Survey Master plugin for WordPress that allows for iFrame Injection via the 'question[id]' parameter.
The severity of CVE-2022-4032 is high with a CVSS score of 6.1.
CVE-2022-4032 affects the Quiz and Survey Master plugin by allowing unauthenticated attackers to inject iframe tags via the 'question[id]' parameter.
CVE-2022-4032 can be exploited by submitting malicious input via the 'question[id]' parameter and injecting iframe tags.
Upgrading to version 8.0.5 or later of the Quiz and Survey Master plugin fixes CVE-2022-4032.
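To check web-server access logs for requests that put an iframe tag in the 'question[id]' parameter, the following detector can be used. It is an added example, not code from the plugin or from this advisory. It assumes the parameter appears in the logged query string (POST bodies need WAF or application logging instead); the function names, log lines, paths and addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "question[id]"                      # parameter named in the advisory
TAG = re.compile(r"<\s*iframe\b", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format); the path is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Nov/2022:10:00:00 +0000] "GET /placeholder-page?question%5Bid%5D=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [29/Nov/2022:10:00:05 +0000] "GET /placeholder-page?question%5Bid%5D=%3Ciframe%20src%3D%2F%2Fexample.invalid%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [29/Nov/2022:10:00:09 +0000] "GET /placeholder-page?question%5Bid%5D=%253CIFRAME%2520src%253D%252F%252Fexample.invalid%253E HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/Nov/2022:10:01:00 +0000] "GET /placeholder-page?title=iframe+tips HTTP/1.1" 200 512',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_values(log_line):
    """Return decoded question[id] values in one log line that contain an iframe tag."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    hits = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if fully_decode(name) == PARAM:
            value = fully_decode(value)
            if TAG.search(value):
                hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_values(line)]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {PARAM} = {value!r}")
```

Matching only on the named parameter keeps unrelated requests that merely mention "iframe" (the fourth sample line) out of the results.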