CVE-2022-4219
Published 2022-12-02
Priority: P4 · 16 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.40% (31.5th percentile)
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imagemagick | imagemagick | >= 0 < 8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1 | 8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1 |
| kibokolabs | chained_quiz | <= 1.3.2.4 | — |
| prasunsen | chained_quiz | <= 1.3.2.4 | — |
CVSS provenance
nvd · v3.1 · 4.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv · 5.5 MEDIUM
vendor_redhat · 5.5 MEDIUM
GHSA
ghsa_unreviewed·2022-12-02
CVE-2022-4219 [MEDIUM] CWE-352 GHSA-7jh2-q8mj-7c4r: The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
OSV
imagemagick vulnerabilities
osv·2022-11-24·CVSS 5.5
CVE-2021-20224 imagemagick vulnerabilities
USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the
corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the
issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while
CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only
affected Ubuntu 22.04 ESM.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
val
Red Hat
kernel: Linux kernel: Local denial of service in skbuff due to improper network buffer handling
vendor_redhat·2025-09-17·CVSS 5.5
CVE-2022-50365 [MEDIUM] CWE-805 kernel: Linux kernel: Local denial of service in skbuff due to improper network buffer handling
In the Linux kernel, the following vulnerability has been resolved:
skbuff: Account for tail adjustment during pull operations
Extending the tail can have some unexpected side effects if a program uses
a helper like BPF_FUNC_skb_pull_data to read partial content beyond the
head skb headlen when all the skbs in the gso frag_list are linear with no
head_frag -
kernel BUG at net/core/skbuff.c:4219!
pc : skb_segment+0xcf4/0xd2c
lr : skb_segment+0x63c/0xd2c
Call trace:
skb_segment+0xcf4/0xd2c
__udp_gso_segment+0xa4/0x544
udp4_ufo_fragment+0x184/0x1c0
inet_gso_segment+0x16c/0x3a4
skb_mac_gso_segment+0xd4/0x1b0
__skb_gso_segment+0xcc/0x12c
udp_rcv_segment+0x54/0x16c
udp_queue_rcv_skb+0x78/0x144
udp_un
No detection rules found.
No public exploits indexed.
https://gist.github.com/Xib3rR4dAr/417a11bcb9b8da28cfe5ba1c17c44d0e
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2826623%40chained-quiz&new=2826623%40chained-quiz&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf96887c-6e0d-43d9-a3f2-88981adb4c98?source=cve
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4219