First published: Tue Nov 29 2022
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc.). This makes it possible for attackers to submit values other than the intended input type.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Expresstech Quiz And Survey Master | <=8.0.4 | |
CVE-2022-4033 is a vulnerability in the Quiz and Survey Master plugin for WordPress that allows for input validation bypass via the 'question[id]' parameter.
CVE-2022-4033 affects versions up to and including 8.0.4 of the Quiz and Survey Master plugin for WordPress.
CVE-2022-4033 has a severity rating of medium, with a CVSS score of 5.3.
An attacker can exploit CVE-2022-4033 by injecting content other than the specified value into the 'question[id]' parameter.
Yes, updating the Quiz and Survey Master plugin to a version beyond 8.0.4 will fix CVE-2022-4033.