3940 matches found
WordPress Plugin Quiz And Survey Master Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it runs personal blog sites on PHP and MySQL servers. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Leveraging AI-informed Cybersecurity to Measure, Communicate, and Eliminate Cyber Risk
Dilip Bachwani, Qualys CTO, shares the Qualys AI strategy with TruRisk AI at QSC 2023. The threat landscape is constantly evolving, and so are the implications of cyber risk across any organization. As attacker tactics become more sophisticated and persistent, cybersecurity strategies must grow...
CVE-2023-46543
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey...
PT-2023-30073 · Totolink · Totolink X2000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web Description: A stack overflow issue was discovered via the function formWlSiteSurvey. This issue affects the specified version of the TOTOLINK X2000R Gh router. Recommendations: For TOTOLINK...
survey-consulting.com Improper Access Control vulnerability OBB-3764615
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
More helpful resources for users of all skill levels to help you Take a Security Action
Welcome to this week's edition of the Threat Source newsletter. I continue to be saddened by all the conflict in Israel and Gaza that's still ongoing. I'll be back with a "normal" newsletter next week, as unfortunately, there doesn't seem to be a peaceful solution coming any time soon. In the meantim...
privilege escalation bug to edit survey
BUG: normal user can edit any survey. AFFECTED VERSION: 6.2.10. SUMMARY: normal user has view permission in survey. But still that user can edit the survey by adding that survey to his own group. STEPS TO REPRODUCE: 1. There is already a superadmin user-...
Decidim Access Control Error Vulnerability
Decidim is a participatory democracy framework, written in Ruby on Rails. An Access Control Error vulnerability exists in Decidim versions prior to 0.26.8 and 0.27.4, which stems from the templates module not enforcing the correct permissions, which allows any logged in user to access th...
Improper Access Control
Overview: decidim-templates is a module that provides a way to create templates for different Decidim models, such as Proposals and Questionnaires. Affected versions of this package are vulnerable to Improper Access Control due to broken access control in the templates module. An attacker...
HackerOne: Google Docs link in JS files allows editing & reading survey information
A Google Docs link was discovered in JavaScript files on a website allowing editing and reading of survey information. The link provided access to edit a survey and view some users' emails and responses...
WordPress Quiz And Survey Master Plugin <= 8.1.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quiz And Survey Master. Type: Plugin. Vulnerable versions: <= 8.1.15. Fixed in: 8.1.16. OWASP Top 10: A5 Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: N/A. Patch priority: Low. CVSS severity: Low (4.3). PSID: b180dc3e78fb. Credits: Unknown. Required...
WordPress Survey Maker Plugin < 3.1.2 SQLi Vulnerability
The WordPress plugin. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:ays-pro:surveymaker"; if(description)...
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024
By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow almost fivefold, as can be seen in Figure 1. This surge reflects the growing business demand for specialized cybersecurity expertise and the lucrative opportunities for MSPs and MSSPs in vCISO...
Store XSS in Survey menus
Description: I noticed your website is very secure, but you overlooked a flaw: Stored DOM XSS. Proof of Concept Detail: 1. Log in via the admin demo account and access Configuration. 2. Go to Survey menus -> Survey menu entries. 3. Add a new menu entry and insert the payload into the GET data method...
Store DOM XSS when create survey
Description: I noticed your website is very secure, but you overlooked a flaw: Stored DOM XSS. Proof of Concept Detail: 1. Log in via the admin demo account. 2. Create a new survey and insert the payload into the Survey title: test" onclick="alert(document.domain)" 3. Click create -> Stored DOM XSS is detected. Video PoC...
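The two reports above (the survey-menu entry and the survey title) rely on the same mechanism: a user-controlled string is interpolated into a double-quoted HTML attribute without escaping, so a `"` in the payload closes the value and everything after it becomes new attributes, including an `onclick` handler. The following is an added example, not code from either report or from the affected application; the field name `title`, the two render functions and the small attribute tokenizer are constructed for the demonstration only (a real browser parser is more lenient than the tokenizer).

```javascript
// Added example (not from the reports or the affected application): shows why
// the payload `test" onclick="alert(document.domain)"` escapes a quoted attribute
// when a title is interpolated raw, and how attribute escaping neutralises it.

// Escape the characters that can terminate or alter an attribute value or the
// enclosing tag. This is the HTML-attribute-context equivalent of PHP's
// htmlspecialchars($s, ENT_QUOTES).
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Vulnerable rendering: the title is dropped straight into the attribute.
function renderTitleVulnerable(title) {
  return `<input type="text" name="title" value="${title}">`;
}

// Hardened rendering: escape for the attribute context before interpolating.
function renderTitleSafe(title) {
  return `<input type="text" name="title" value="${escapeAttr(title)}">`;
}

// Constructed, deliberately small tokenizer for a single <input ...> tag:
// returns the attribute name -> value pairs a parser would see.
function parseAttributes(tag) {
  const inner = tag.replace(/^<input\s+/, '').replace(/>$/, '');
  const attrs = {};
  const re = /([^\s=]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(inner)) !== null) attrs[m[1]] = m[2];
  return attrs;
}

// True when the rendered tag carries any on* event-handler attribute, i.e.
// when the payload has broken out of the value attribute.
function hasEventHandler(tag) {
  return Object.keys(parseAttributes(tag)).some((k) => /^on/i.test(k));
}

// Payload from the reports above.
const PAYLOAD = 'test" onclick="alert(document.domain)"';

// Stand-alone demo.
console.log(renderTitleVulnerable(PAYLOAD)); // value="test" onclick="alert(document.domain)""
console.log(renderTitleSafe(PAYLOAD));       // value="test&quot; onclick=&quot;alert(document.domain)&quot;"
```

The escaped output keeps the whole payload inside the single `value` attribute, so no `onclick` attribute exists for the browser to wire up; the same escaping must be applied at every place the stored title is later echoed, not only on the create form.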
Improper Authorization in Import Question function
Description The Import Question function does not check user permissions, allowing users to import questions into any survey without requiring authorization Proof of Concept Step 1: We have user1 who has no permissions Step 2: User1 performs importing questions into the survey by creating a reque...
Friday Squid Blogging: NIWA Annual Squid Survey
Results from the National Institute of Water and Atmospheric Research Limited annual squid survey: This year, the team unearthed spectacular large hooked squids, weighing about 15kg and sitting at 2m long, a Taningia--which has the largest known light organs in the animal kingdom--and a few...
privilege escalation bug: creating a survey group with another user's group as parent
BUG: privilege escalation bug: creating a survey group with another user's group as parent. ACCOUNT: 1. user-A -- superadmin. 2. user-B -- normal user. user-B has only create permission in survey group, does not have view permission in survey group. As user-B does not have view...
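The three survey-authorization reports above (editing a view-only survey by moving it into one's own group, importing questions into any survey with no check, and nesting a new group under a parent the caller cannot see) share one root cause: the handler authorizes against the wrong object, or against nothing, instead of against the survey or group it is about to modify. Below is an added example, not code from the reports or from the affected project, that reproduces each path in a toy permission model and shows the object-level check that closes it. The fixture, the rule that owning a group grants full rights on its surveys, and the handler names are assumptions made for the demonstration.

```javascript
// Added example (not from the reports or the affected project): a toy
// survey / survey-group permission model with the three vulnerable handlers
// described in the reports and their fixed counterparts.

// Constructed fixture. Assumption for the demo: owning a group grants full
// rights on every survey in it; direct per-survey grants are separate.
function makeState() {
  return {
    users: {
      admin: { name: 'admin', superadmin: true },
      bob:   { name: 'bob',   superadmin: false, canCreateGroups: true },
    },
    groups: {
      g_admin: { owner: 'admin', parent: null },
      g_bob:   { owner: 'bob',   parent: null },
    },
    surveys: { s1: { gsid: 'g_admin', questions: [] } },
    surveyPerms: { s1: { bob: new Set(['read']) } }, // bob may only view s1
  };
}

// A group is visible to its owner and to superadmins.
function canReadGroup(st, user, gid) {
  const g = st.groups[gid];
  return !!g && (user.superadmin || g.owner === user.name);
}

// Effective permission on a survey: superadmin, owner of its group, or a
// direct grant for the requested action.
function can(st, user, sid, action) {
  if (user.superadmin) return true;
  const s = st.surveys[sid];
  if (!s) return false;
  if (st.groups[s.gsid] && st.groups[s.gsid].owner === user.name) return true;
  const grants = st.surveyPerms[sid] && st.surveyPerms[sid][user.name];
  return !!grants && grants.has(action);
}

// --- Vulnerable handlers: each checks the wrong object, or nothing ---

// Re-parenting is authorized only against the target group, so a user with
// read-only access to a survey can move it into a group they own and thereby
// gain full rights on it.
function moveSurveyVulnerable(st, user, sid, gid) {
  if (!canReadGroup(st, user, gid)) return false;
  st.surveys[sid].gsid = gid;
  return true;
}
// Group creation never looks at the parent, so a group can be nested under
// one the caller cannot even see.
function createGroupVulnerable(st, user, gid, parent) {
  if (!user.canCreateGroups) return false;
  st.groups[gid] = { owner: user.name, parent };
  return true;
}
// Import performs no permission check at all.
function importQuestionsVulnerable(st, user, sid, qs) {
  st.surveys[sid].questions.push(...qs);
  return true;
}

// --- Fixed handlers: authorize against the object being modified ---

// Changing a survey's group is a write to the survey: require 'update' on it
// in addition to access to the target group.
function moveSurveyFixed(st, user, sid, gid) {
  if (!can(st, user, sid, 'update') || !canReadGroup(st, user, gid)) return false;
  st.surveys[sid].gsid = gid;
  return true;
}
// A parent may only be chosen from groups the caller can see.
function createGroupFixed(st, user, gid, parent) {
  if (!user.canCreateGroups) return false;
  if (parent !== null && !canReadGroup(st, user, parent)) return false;
  st.groups[gid] = { owner: user.name, parent };
  return true;
}
// Importing questions modifies the target survey: require 'update' on it.
function importQuestionsFixed(st, user, sid, qs) {
  if (!can(st, user, sid, 'update')) return false;
  st.surveys[sid].questions.push(...qs);
  return true;
}
```

The pattern to look for in review is the same in all three cases: a handler that takes a survey or group identifier from the request and checks a capability on the caller, on the destination, or on nothing, rather than on the object named by that identifier.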
CVE-2023-3575 Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS
The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...