WordPress Plugin Vulnerabilities

ARI Stream Quiz < 1.3.3 - Contributor+ Content Injection

Description

The plugin is vulnerable to content injection due to improper capability checks on the quiz editing functionality, allowing authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary content on the site without review.

Affects Plugins

Plugin icon
ari-stream-quiz
Fixed in 1.3.3

References

CVE
CVE-2023-47513
URL
https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-wordpress-quizzes-builder-plugin-1-2-32-content-injection-vulnerability

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
d032d74f-db4d-4eb5-9977-52a5c7f67715

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-15 (about 2 years ago)

Other

Published
Title
Published
2026-04-06
Title
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More < 1.8.10 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook
Published
2026-02-17
Title
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 6.0.7.0 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment
Published
2024-06-27
Title
WooCommerce < 9.0.0 - Shop Manager+ Content Injection
Published
2021-01-12
Title
WP Quick FrontEnd Editor <= 5.5 - Authenticated Content Injection
Published
2022-11-29
Title
Quiz and Survey Master < 8.0.5 - Improper Input Validation