PT-2022-25346 · WordPress · Quiz/Survey Master

Andreas Krüger +1 · Published 2022-11-29 · Updated 2022-12-02 · CVE-2022-4032

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Quiz and Survey Master plugin for WordPress versions up to, and including, 8.0.4

Description

The issue arises from insufficient input sanitization and output escaping, allowing iframe tags to be injected via the question[id] parameter. This enables unauthenticated attackers to inject iFrames into pages, which will execute when a user accesses the injected page.

Recommendations

For versions up to, and including, 8.0.4, consider disabling the question[id] parameter until a patch is available to prevent iFrame injection. Restrict access to the affected plugin to minimize the risk of exploitation. Avoid using the question[id] parameter in affected pages until the issue is resolved.

Fix

XSS

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-4032

Affected Products

Quiz/Survey Master