CVE-2022-4033
CVSS V2 None
CVSS V3 None
Description
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.
Overview
- CVE ID
- CVE-2022-4033
- Assigner
- security@wordfence.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-11-29T21:15:12.193
- Last Modified Date
- 2022-12-01T22:12:01.910
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* | 1 | OR | 8.0.4 |
References
Reference URL | Reference Tags |
---|---|
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2801761%40quiz-master-next&new=2801761%40quiz-master-next&sfp_email=&sfph_mail= | Patch Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033 | Third Party Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4033 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4033 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-12-07 18:05:33 | Added to TrackCVE |