WordPress Plugin Vulnerabilities

Quiz and Survey Master < 8.0.5 - Unauthenticated iFrame Injection

Description

The plugin does not sanitise and escape the question[id] parameter, which could allow unauthenticated users to perform iFrame injection attack

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 8.0.5

References

CVE
CVE-2022-4032

Classification

Type
CROSS FRAME SCRIPTING
OWASP top 10
A1: Injection
CWE
CWE-80
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Luca Greeb, Andreas Krüger
Verified
No
WPVDB ID
68e18a79-6c8d-4570-88e7-dd7a2256e6b8

Timeline

Publicly Published
2022-11-29 (about 3 years ago)
Added
2022-11-29 (about 3 years ago)
Last Updated
2022-11-29 (about 3 years ago)

Other

Published
Title
Published
2024-02-07
Title
Matomo < 5.0.1 - Reflected Cross-Site Scripting via idsite
Published
2024-01-19
Title
FileBird < 5.6.1 - Admin+ Stored XSS
Published
2025-11-10
Title
Slippy Slider – Responsive Touch Navigation Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-30
Title
Team Members < 3.4.2 - Contributor+ Stored XSS
Published
2024-02-23
Title
YML for Yandex Market < 4.2.4 - Reflected Cross-Site Scripting