JVN#72788165
Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

Overview

WordPress Plugin "Quiz And Survey Master" contains multiple vulnerabilities.

Products Affected

• Quiz And Survey Master versions prior to 7.3.7

Description

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below.

• Cross-site request forgery (CWE-352) - CVE-2022-0180

  CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	Base Score: 4.3
  CVSS v2	AV:N/AC:H/Au:N/C:N/I:P/A:N	Base Score: 2.6

• Reflected cross-site scripting (CWE-79) - CVE-2022-0181

  CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Base Score: 6.1
  CVSS v2	AV:N/AC:H/Au:N/C:N/I:P/A:N	Base Score: 2.6

• Stored cross-site scripting (CWE-79) - CVE-2022-0182

  CVSS v3	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	Base Score: 5.4
  CVSS v2	AV:N/AC:L/Au:S/C:N/I:P/A:N	Base Score: 4.0

Impact

• If a user who is logging in to the product with the administrative privilege accesses a malicious page, unintended operations may be performed - CVE-2022-0180
• An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege - CVE-2022-0181
• An arbitrary script may be executed on the web browser of the user who is accessing a website that uses the product - CVE-2022-0182

Solution

Update the plugin
Update the plugin according to the information provided by the developer.