WordPress Plugin Vulnerabilities

Chained Quiz < 1.3.2.5 - Arbitrary Question Deletion via CSRF

Description

The plugin does not have CSRF check when deleting questions, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
chained-quiz
Fixed in 1.3.2.5

References

CVE
CVE-2022-4220

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Zeeshan (Xib3rR4dAr)
Verified
No
WPVDB ID
b2f876b4-337a-4adb-a388-b8cf0e976e00

Timeline

Publicly Published
2022-12-02 (about 3 years ago)
Added
2022-12-03 (about 3 years ago)
Last Updated
2022-12-03 (about 3 years ago)

Other

Published
Title
Published
2022-04-27
Title
WP-Invoice <= 4.3.1 - Arbitrary Settings Update via CSRF
Published
2024-02-20
Title
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Published
2024-04-08
Title
Benchmark Email Lite < 4.2 - Cross-Site Request Forgery via page_settings()
Published
2014-08-01
Title
Cardoza WordPress Poll <= 34.05 - Multiple External Function Remote Poll Manipulation
Published
2014-08-01
Title
Centrora Security 3.2.1 - Multiple Admin Actions CSRF