Description

WordPress Plugin Quiz And Survey Master-Best Quiz, Exam and Survey for WordPress is prone to multiple vulnerabilities, including iFrame injection and input validation bypass vulnerabilities. Exploiting these issues could allow an attacker to inject iFrames in pages that will execute whenever a user accesses an injected page, or to send values other than the expected type. WordPress Plugin Quiz And Survey Master-Best Quiz, Exam and Survey for WordPress version 8.0.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 8.0.5 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/quiz-master-next/quiz-and-survey-master-804-unauthenticated-iframe-injection-via-paragraph-and-short-answer

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/quiz-master-next/quiz-and-survey-master-804-improper-input-validation

https://plugins.svn.wordpress.org/quiz-master-next/trunk/readme.txt

Related Vulnerabilities

MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)

Accept Donations with PayPal Cross-Site Request Forgery (1.3.3)

WP-Live Chat by 3CX Arbitrary File Upload (8.0.31)

MySQL CVE-2018-3279 Vulnerability (CVE-2018-3279)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-13363)

Severity

High

Classification

CVE-2022-4032 CVE-2022-4033 CWE-80 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Tags

Missing Update