5.4

CVE-2023-51521

WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability

Quiz And Survey Master <= 8.1.18 - Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.
Mögliche Gegenmaßnahme
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker: Update to version 8.1.19, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerExpressTech
Produkt Quiz And Survey Master
Default Statusunaffected
Version <= 8.1.18
Version n/a
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Version *-8.1.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.095
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfdbf80-3733-4d5c-9bc6-01e543ee08b1
Third Party Advisory