CVE-2022-4033

Published: Nov 29, 2022Modified: Apr 8, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.

Affected (1)

Products: Expresstech: Quiz And Survey Master

1 product

Quiz And Survey Master

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Expresstech Quiz And Survey Master	Up to 8.0.4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (5)

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2801761%40quiz-master-next&new=2801761%40quiz-master-next&sfp_email=&sfph_mail=

Source: security@wordfence.com

PatchThird Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=cve

Source: security@wordfence.com

https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2801761%40quiz-master-next&new=2801761%40quiz-master-next&sfp_email=&sfph_mail=

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.