CVE-2022-4033: 
WordPress vulnerability analysis and mitigation

The Quiz and Survey Master plugin for WordPress (versions up to and including 8.0.4) contains an input validation vulnerability tracked as CVE-2022-4033. The vulnerability allows attackers to bypass input validation via the 'question[id]' parameter due to insufficient validation controls that enable injection of content other than the specified value (NVD).

The vulnerability is classified as CWE-20 (Improper Input Validation) with a CVSS v3.1 base score of 5.3 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The issue specifically affects the input validation mechanism for the 'question[id]' parameter, allowing attackers to submit values other than the intended input type, such as numbers or file paths (NVD, Wordfence).

When exploited, this vulnerability allows attackers to inject content other than the specified value types, potentially leading to unauthorized content manipulation. The CVSS score indicates that while the vulnerability can be exploited remotely without authentication, it only results in low impact to integrity with no direct impact on confidentiality or availability (NVD).

The vulnerability was patched in version 8.0.5 of the Quiz and Survey Master plugin. Users should update to this version or later to mitigate the risk (WordPress Plugin).