WordPress Plugin Vulnerabilities

Chained Quiz < 1.3.2.5 - Submitted Quiz Response Deletion via CSRF

Description

The plugin does not have CSRF checks when deleting submitted quiz response, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
chained-quiz
Fixed in 1.3.2.5

References

CVE
CVE-2022-4219

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Zeeshan (Xib3rR4dAr)
Verified
No
WPVDB ID
ba522d82-98ee-4dfa-9305-481d2591c85e

Timeline

Publicly Published
2022-12-02 (about 3 years ago)
Added
2022-12-03 (about 3 years ago)
Last Updated
2022-12-03 (about 3 years ago)

Other

Published
Title
Published
2025-01-03
Title
Notify Odoo < 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-04-22
Title
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF
Published
2014-08-01
Title
Mingle Forum 1.0.35 - Privilege Escalation CSRF
Published
2022-05-23
Title
Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF
Published
2023-02-28
Title
Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF