WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
CVE-2023-52182
9.9 CRITICAL
Key Information:
- Vendor: WordPress
- CVE Published: 31 December 2023
Summary
The ARI Stream Quiz plugin by ARI Soft is susceptible to a deserialization of untrusted data vulnerability. This issue allows attackers to exploit the plugin's handling of serialized data, potentially leading to remote code execution. Affected versions include all prior to 1.3.0. Users are strongly advised to audit their installations and apply necessary updates to mitigate the risk.
Affected Version(s)
ARI Stream Quiz – WordPress Quizzes Builder <= 1.3.0
CVSS V3.1
- Score: 9.9
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)