5.3

CVE-2022-4033

Quiz and Survey Master <= 8.0.4 - Improper Input Validation

Quiz and Survey Master <= 8.0.4 - Improper Input Validation

The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.
Mögliche Gegenmaßnahme
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker: Update to version 8.0.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ExpresstechQuiz And Survey Master SwPlatformwordpress Version <= 8.0.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Version *-8.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.473
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2801761%40quiz-master-next&new=2801761%40quiz-master-next&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c
Third Party Advisory