First published: Fri Dec 02 2022(Updated: )
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Credit: security@wordfence.com security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Chained Quiz Wordpress | <=1.3.2.4 | |
<=1.3.2.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-4218 is a vulnerability in the Chained Quiz plugin for WordPress that allows unauthenticated attackers to delete and copy quizzes.
CVE-2022-4218 has a severity rating of 4.3 (medium).
Versions up to and including 1.3.2.4 of the Chained Quiz plugin for WordPress are affected by CVE-2022-4218.
To fix CVE-2022-4218, update the Chained Quiz plugin for WordPress to a version beyond 1.3.2.4.
You can find more information about CVE-2022-4218 at the following references: [GitHub Gist](https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e), [WordPress Plugin Trac](https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2826623%40chained-quiz&new=2826623%40chained-quiz&sfp_email=&sfph_mail=), [Wordfence Vulnerability Advisories](https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4218).