Lucene search

CVE-2022-4220

🗓️ 02 Dec 2022 20:13:11Reported by WordfenceType

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forger

Reporter	Title	Published	Views	Family All 5
WPVulnDB	Chained Quiz < 1.3.2.5 - Arbitrary Question Deletion via CSRF	2 Dec 202200:00	–	wpvulndb
Vulnrichment	CVE-2022-4220	2 Dec 202220:11	–	vulnrichment
Prion	Cross site request forgery (csrf)	2 Dec 202221:15	–	prion
CVE	CVE-2022-4220	2 Dec 202221:15	–	cve
NVD	CVE-2022-4220	2 Dec 202221:15	–	nvd

[
  {
    "vendor": "prasunsen",
    "product": "Chained Quiz",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.3.2.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
wordfence	www.wordfence.com/vulnerability-advisories-continued/
plugins	www.plugins.trac.wordpress.org/browser/chained-quiz/trunk/controllers/questions.php
gist	www.gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Dec 2022 20:11Current

5.4Medium risk

Vulners AI Score5.4

CVSS35.4

EPSS0.00178