WordPress Plugin Vulnerabilities

Quiz And Survey Master < 8.1.19 - Quiz Results Deletion via CSRF

Description

The plugin does not have CSRF checks in some functions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete quiz results

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 8.1.19

References

CVE
CVE-2023-51521
URL
https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-18-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Brandon James Roldan (tomorrowisnew)
Verified
No
WPVDB ID
77cfe1a7-96db-4862-be02-56b0a4c6d821

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-05 (about 2 years ago)

Other

Published
Title
Published
2022-04-11
Title
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
Published
2014-08-01
Title
Social Sharing Toolkit 2.1.1 - Setting Manipulation CSRF
Published
2025-03-31
Title
PostmarkApp Email Integrator <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-05-11
Title
Skysa Text Ticker App <= 1.4 - Cross-Site Request Forgery to Settings Modification via 'Save Settings' Form
Published
2021-10-18
Title
WP Performance Score Booster < 2.1 - Settings Change via CSRF