CVE-2022-0180

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the Quiz And Survey Master WordPress plugin allows attackers to trick administrators into performing unintended actions by visiting malicious web pages. It affects all WordPress sites running plugin versions before 7.3.7. Attackers can ride on an administrator's authenticated session to modify quiz/survey content or potentially perform other administrative operations.

💻 Affected Systems

Products:
  • Quiz And Survey Master WordPress Plugin
Versions: All versions prior to 7.3.7
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the vulnerable plugin installed and activated. Requires administrator to be logged in and visit malicious page.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify all quiz/survey content, inject malicious code into quizzes, change plugin settings, or potentially escalate to full WordPress compromise through plugin functionality.

🟠 Likely Case

Attackers modify quiz/survey content to include malicious links or tracking code, potentially affecting all users who take quizzes.

🟢 If Mitigated

With proper CSRF protections or updated plugin, administrators are protected from unauthorized actions triggered by malicious sites.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. Requires administrator to be logged into WordPress and visit malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.3.7

Vendor Advisory: https://quizandsurveymaster.com/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Quiz And Survey Master'
4. Click 'Update Now' if available
5. Or download version 7.3.7+ from WordPress repository
6. Upload and replace existing plugin files

🔧 Temporary Workarounds

Implement CSRF Protection

all

Add custom CSRF tokens to plugin forms via WordPress hooks

Add wp_nonce_field() to plugin forms and verify with wp_verify_nonce()
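As an added illustration of the nonce pattern above (example code, not the plugin's own), a hypothetical admin-post handler is shown first without and then with the nonce check; the option key, action name and form field names are assumed:

```php
<?php
// Hypothetical quiz-settings handler (example only, not Quiz And Survey Master code).
// Assumed names: option 'example_quiz_title', admin_post action 'example_save_quiz'.

// --- Vulnerable pattern: accepts any POST carrying the admin's session cookie. ---
function example_save_quiz_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // No nonce check: a form auto-submitted by a third-party page is sent by the
    // admin's own browser with the admin's cookies, so it is accepted here.
    update_option( 'example_quiz_title', sanitize_text_field( wp_unslash( $_POST['quiz_title'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-quiz&saved=1' ) );
    exit;
}

// --- Hardened pattern: capability check plus per-user, per-action nonce. ---
function example_render_quiz_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_quiz">
        <?php wp_nonce_field( 'example_save_quiz', 'example_quiz_nonce' ); ?>
        <input type="text" name="quiz_title"
               value="<?php echo esc_attr( get_option( 'example_quiz_title', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_save_quiz_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // wp_verify_nonce() returns false when the token is missing, forged, issued for
    // another user/action, or expired (nonces rotate every 12-24 hours). A page on
    // another origin cannot read the token, so its cross-site POST fails here.
    $nonce = isset( $_POST['example_quiz_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_quiz_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_quiz' ) ) {
        wp_die( 'Security check failed.', '', array( 'response' => 403 ) );
    }
    update_option( 'example_quiz_title', sanitize_text_field( wp_unslash( $_POST['quiz_title'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-quiz&saved=1' ) );
    exit;
}
add_action( 'admin_post_example_save_quiz', 'example_save_quiz_hardened' );
```

For handlers that only need the combined check, check_admin_referer( 'example_save_quiz', 'example_quiz_nonce' ) performs the same verification and calls wp_die() on failure.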

Restrict Administrator Access

all

Limit administrator accounts to trusted networks only

Use .htaccess or firewall rules to restrict /wp-admin access to specific IPs

🧯 If You Can't Patch

  • Disable the Quiz And Survey Master plugin entirely
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Quiz And Survey Master → Version number

Check Version:

wp plugin list --name='quiz-and-survey-master' --field=version

Verify Fix Applied:

Verify version is 7.3.7 or higher in WordPress plugins page

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /wp-admin/admin-ajax.php from same IP with different referrers
  • Unauthorized quiz/survey modifications in plugin logs

Network Indicators:

  • POST requests to admin endpoints whose Referer or Origin header points to an external domain (a CSRF request is sent by the victim administrator's own browser, so the source IP is the administrator's; the Referer/Origin header is the distinguishing signal)
  • CSRF attack patterns in web application firewall logs

SIEM Query:

source="wordpress.logs" AND (uri_path="/wp-admin/admin-ajax.php" OR plugin="quiz-and-survey-master") AND http_method="POST" AND referrer CONTAINS external_domain

🔗 References