WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.3.7 - CSRF

Description

The plugin is lacking nonce check, which could allow attacker to make logged users perform unwanted actions via a CSRF attack

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.3.7

References

CVE
CVE-2022-0180
URL
https://jvn.jp/en/jp/JVN72788165/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Daiki Sueyoshi
Verified
No
WPVDB ID
8bb3e560-2540-4041-af77-f42a4493a7d3

Timeline

Publicly Published
2022-01-12 (about 4 years ago)
Added
2022-01-12 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2025-03-24
Title
Rewrite <= 0.2.1 - Cross-Site Request Forgery
Published
2025-08-14
Title
Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2014-12-14
Title
Mikiurl Wordpress Eklentisi <= 2.0 - Multiple CSRF
Published
2024-08-23
Title
Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF
Published
2025-02-03
Title
DSGVO All in one for WP < 4.7 - Cross-Site Request Forgery to Account Deletion