CVE-2023-36522: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in WePupil Quiz Expert plugin versions 1.5.0 and below for WordPress. The vulnerability was reported on December 30, 2022, and was publicly disclosed on June 27, 2023, receiving the identifier CVE-2023-36522 (Patchstack).

The vulnerability has received varying severity assessments, with the NVD assigning a CVSS v3.1 Base Score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rates it at 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact severity varies case by case, though it has been generally assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue affects versions 1.5.0 and below of the Quiz Expert plugin (Patchstack).