CVE-2022-4033: Input Validation
First published: Tue Nov 29 2022(Updated: )
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Expresstech Quiz And Survey Master | <=8.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-4033?
CVE-2022-4033 is a vulnerability in the Quiz and Survey Master plugin for WordPress that allows for input validation bypass via the 'question[id]' parameter.
How does CVE-2022-4033 affect the Quiz and Survey Master plugin?
CVE-2022-4033 affects versions up to and including 8.0.4 of the Quiz and Survey Master plugin for WordPress.
What is the severity of CVE-2022-4033?
CVE-2022-4033 has a severity rating of medium, with a CVSS score of 5.3.
How can an attacker exploit CVE-2022-4033?
An attacker can exploit CVE-2022-4033 by injecting content other than the specified value into the 'question[id]' parameter.
Is there a fix for CVE-2022-4033?
Yes, updating the Quiz and Survey Master plugin to a version beyond 8.0.4 will fix CVE-2022-4033.
- collector/nvd-index
- vendor/expresstech
- canonical/expresstech quiz and survey master
- version/expresstech quiz and survey master/8.0.4