CVE-2022-46862: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in ExpressTech Quiz And Survey Master WordPress plugin versions 8.0.7 and below. The vulnerability was discovered on December 9, 2022, and publicly disclosed on February 12, 2023. This security issue affects the Quiz Text Message Setting functionality of the plugin (Patchstack).

The vulnerability stems from the absence of CSRF protection mechanisms when updating the Quiz Text Message Setting in the plugin. It has been assigned CVE-2022-46862 and is classified under CWE-352 (Cross-Site Request Forgery). The vulnerability received a CVSS v3.1 base score of 4.3 (Medium) from Patchstack, while the NVD assessment indicates a higher severity score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow attackers to force authenticated administrators to perform unwanted actions under their current authentication level. This security issue specifically impacts the text message setting update functionality of the plugin (WPScan).

The vulnerability has been fixed in version 8.0.8 of the Quiz And Survey Master plugin. Users are advised to update to version 8.0.8 or later to remediate this security issue. The vulnerability is considered to have a low severity impact and is unlikely to be exploited (Patchstack).