CVE-2022-0180: 
WordPress vulnerability analysis and mitigation

Cross-site request forgery (CSRF) vulnerability was discovered in Quiz And Survey Master WordPress plugin versions prior to 7.3.7. The vulnerability was assigned CVE-2022-0180 and was publicly disclosed on January 12, 2022. The affected software is a WordPress plugin that allows users to create quizzes and surveys (JVN Report).

The vulnerability stems from the plugin lacking proper nonce checks, which could allow attackers to make logged users perform unwanted actions through CSRF attacks. The vulnerability has been assigned a CVSS v3.0 base score of 4.3 (Medium) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (WPScan, JVN Report).

If a user with administrative privileges accesses a malicious page, unintended operations may be performed on their behalf. This could potentially lead to unauthorized actions being executed within the plugin's functionality (JVN Report).

Users are advised to update the Quiz And Survey Master plugin to version 7.3.7 or later, which contains the fix for this vulnerability. The update should be installed according to the information provided by the developer (JVN Report).