Cross-Site Request Forgery (CSRF) Vulnerability in ARI Stream Quiz
CVE-2023-51487

8.8HIGH

Key Information:

Vendor: WordPress
Status: Ari Stream Quiz
Vendor: CVE Published:; 16 March 2024

Summary

A notable Cross-Site Request Forgery (CSRF) vulnerability has been identified in ARI Stream Quiz, a product by ARI Soft. This issue allows an attacker to perform unauthorized actions on behalf of authenticated users. If a user is tricked into clicking a malicious link while logged in, the attacker can manipulate the user's session without their consent. This vulnerability affects all versions of ARI Stream Quiz up to 1.2.32, posing a significant risk to web applications that utilize this plugin.

Affected Version(s)

ARI Stream Quiz <= 1.2.32

References

https://patchstack.com/database/vulnerability/ari-stream-...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2024
Vulnerability Reserved
Dec 20, 2023

Credit

Nguyen Xuan Chien (Patchstack Alliance)