WordPress Plugin Vulnerabilities

Quiz and Survey Master < 8.0.5 - Improper Input Validation

Description

The plugin does not properly validate the question[id] parameter, which could allow attackers to send values other than the expected type

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 8.0.5

References

CVE
CVE-2022-4033

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Luca Greeb, Andreas Krüger
Verified
No
WPVDB ID
ce43a7dd-f09e-4cac-b8d4-96be464d7ba6

Timeline

Publicly Published
2022-11-29 (about 3 years ago)
Added
2022-11-29 (about 3 years ago)
Last Updated
2022-11-29 (about 3 years ago)

Other

Published
Title
Published
2026-04-29
Title
Five Star Restaurant Reservations < 2.7.17 - Unauthenticated Payment Bypass via PHP Type Juggling in 'payment_id' Parameter
Published
2021-09-23
Title
Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment
Published
2024-06-06
Title
PPOM for WooCommerce < 32.0.21 - Unauthenticated Content Injection Vulnerability
Published
2025-12-12
Title
TI WooCommerce Wishlist < 2.11.0 - Unauthenticated HTML Injection
Published
2026-04-06
Title
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More < 1.8.10 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook