Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:72788165
HistoryJan 12, 2022 - 12:00 a.m.

JVN#72788165: Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

2022-01-1200:00:00
Japan Vulnerability Notes
jvn.jp
24

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

51.1%

JSON

WordPress Plugin “Quiz And Survey Master” provided by ExpressTech contains multiple vulnerabilities listed below.

Cross-site request forgery (CWE-352) - CVE-2022-0180

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6

Reflected cross-site scripting (CWE-79) - CVE-2022-0181

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6

Stored cross-site scripting (CWE-79) - CVE-2022-0182

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:N Base Score: 4.0

Impact

  • If a user who is logging in to the product with the administrative privilege accesses a malicious page, unintended operations may be performed - CVE-2022-0180
  • An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege - CVE-2022-0181
  • An arbitrary script may be executed on the web browser of the user who is accessing a website that uses the product - CVE-2022-0182

Solution

Update the plugin
Update the plugin according to the information provided by the developer.

Products Affected

  • Quiz And Survey Master versions prior to 7.3.7

Related

prion 3
wpvulndb 3
cve 3
nvd 3
cvelist 3
cnvd 1
prion
prion
Cross site request forgery (csrf)
2022-01-17 10:15:00
Cross site scripting
2022-01-17 10:15:00
Cross site scripting
2022-01-17 10:15:00
wpvulndb
wpvulndb
Quiz And Survey Master < 7.3.7 - CSRF
2022-01-12 00:00:00
Quiz And Survey Master < 7.3.7 - Low Privilege Stored Cross-Site Scripting
2022-01-12 00:00:00
Quiz And Survey Master < 7.3.7 - Reflected Cross-Site Scripting
2022-01-12 00:00:00
cve
cve
CVE-2022-0180
2022-01-17 10:15:08
CVE-2022-0182
2022-01-17 10:15:08
CVE-2022-0181
2022-01-17 10:15:08
nvd
nvd
CVE-2022-0180
2022-01-17 10:15:08
CVE-2022-0181
2022-01-17 10:15:08
CVE-2022-0182
2022-01-17 10:15:08
cvelist
cvelist
CVE-2022-0180
2022-01-17 09:10:26
CVE-2022-0182
2022-01-17 09:10:29
CVE-2022-0181
2022-01-17 09:10:27
cnvd
cnvd
WordPress Quiz And Survey Master plugin cross-site scripting vulnerability
2022-02-11 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

51.1%

JSON
Related for JVN:72788165
prion3wpvulndb3cve3nvd3cvelist3cnvd1