PT-2022-25351 · WordPress · Quiz/Survey Master

Andreas Krüger +1 · Published 2022-11-29 · Updated 2022-12-02 · CVE-2022-4033

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Quiz and Survey Master plugin for WordPress versions up to, and including, 8.0.4.

Description

The issue is related to input validation bypass via the question[id] parameter. Insufficient input validation allows attackers to inject content other than the specified value, such as a number or file path, making it possible for attackers to submit values other than the intended input type.

Recommendations

For versions up to, and including, 8.0.4, consider restricting the input for the question[id] parameter to prevent injection of unauthorized content until a patch is available. As a temporary workaround, ensure that all inputs are thoroughly validated to minimize the risk of exploitation.
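One way to apply the recommendation above, as an added example that is not the plugin's code or its patch: check every submitted question[id] value against the type its question declares, and fail closed on anything else. The type names (`number`, `file_upload`), the `$questions` map and both function names are assumptions made for illustration.

```php
<?php
// Added example: server-side type check for submitted quiz answers.
// Assumption: each question has a declared type; the type names and the
// $questions schema below are hypothetical, not taken from the plugin.

function validate_answer(string $type, $value): bool
{
    if (!is_string($value)) {           // e.g. question[12][]=x arrives as an array
        return false;
    }
    switch ($type) {
        case 'number':
            // Optional sign, digits, optional decimal part, nothing else.
            return preg_match('/\A-?\d{1,15}(\.\d{1,6})?\z/', $value) === 1;
        case 'file_upload':
            // Only a bare file name with an allowlisted extension:
            // no directory separators, no traversal sequences.
            return preg_match('/\A[A-Za-z0-9_-]{1,64}\.(pdf|png|jpg)\z/', $value) === 1;
        default:
            return false;               // unknown type: fail closed
    }
}

// Returns the list of submitted keys whose value must be rejected.
function validate_submission(array $questions, array $submitted): array
{
    $rejected = [];
    foreach ($submitted as $id => $value) {
        // The key is attacker-controlled too: it must be a known question ID.
        $known = (is_int($id) || ctype_digit((string) $id)) && isset($questions[(int) $id]);
        if (!$known || !validate_answer($questions[(int) $id], $value)) {
            $rejected[] = $id;
        }
    }
    return $rejected;
}

// Constructed sample data, standing in for $_POST['question'].
$questions = [12 => 'number', 13 => 'file_upload'];
$submitted = [
    '12' => '42',                       // matches the declared number type
    '13' => '../outside.txt',           // path with separators, not a bare file name
    '14' => 'anything',                 // question ID that does not exist
];
print_r(validate_submission($questions, $submitted));
```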

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-4033

Affected Products

Quiz/Survey Master