iFrame Injection Vulnerability in Quiz and Survey Master Plugin for WordPress
CVE-2022-4032

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress
Vendor: CVE Published:; 29 November 2022

Summary

The Quiz and Survey Master plugin for WordPress has a vulnerability that allows unauthenticated attackers to perform iFrame Injection through the 'question[id]' parameter. This issue arises from insufficient input sanitization and output escaping present in the plugin's code, allowing the injection of iframe tags. When exploited, this vulnerability permits malicious code to be executed on pages viewed by users, potentially leading to unauthorized actions or data theft.

Affected Version(s)

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress * <= 8.0.4

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

https://www.wordfence.com/vulnerability-advisories-contin...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 29, 2022
Vulnerability Reserved
Nov 16, 2022

Credit

Luca Greeb

Andreas Krüger