CVE-2022-4033
Quiz and Survey Master <= 8.0.4 - Improper Input Validation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.
El complemento Quiz and Survey Master para WordPress es vulnerable a la omisión de validación de entrada a través del parámetro 'question[id]' en versiones hasta la 8.0.4 incluida debido a una validación de entrada insuficiente que permite a los atacantes inyectar contenido distinto al valor especificado (es decir, un número, ruta de archivo, etc.). Esto hace posible que los atacantes envíen valores distintos al tipo de entrada previsto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-16 CVE Reserved
- 2022-11-16 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Expresstech Search vendor "Expresstech" | Quiz And Survey Master Search vendor "Expresstech" for product "Quiz And Survey Master" | <= 8.0.4 Search vendor "Expresstech" for product "Quiz And Survey Master" and version " <= 8.0.4" | wordpress |
Affected
| ||||||