Chained Quiz WordPress Plugin Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Chained Quiz plugin for WordPress, affecting versions through 1.3.4. The quiz submission and completion processes do not validate a user-controlled key. As a result, unauthenticated attackers can hijack and modify other users' quiz attempts by manipulating the 'chained_completion_id' cookie, changing quiz answers, scores, and results for any user.

Impact

Exploitation of this vulnerability allows for unauthorized modification of quiz attempts, including altering answers, scores, and results.

Reproduction

To reproduce this vulnerability, an unauthenticated user can manipulate the 'chained_completion_id' cookie value to hijack and modify another user's quiz attempt. This can be done by sending a request with the altered cookie value, which the plugin does not properly validate before processing quiz submissions.

Remediation

Users are advised to update the Chained Quiz WordPress plugin to version 1.3.6 or a newer patched version.
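The missing validation described above can be pictured with the following added example, which is not the plugin's code and not the fix shipped in 1.3.6 (this page does not describe that patch). It assumes a server-side secret key and uses hypothetical function names: the cookie carries the attempt id plus an HMAC over it, and the handler rejects any value whose MAC does not verify.

```php
<?php
// Added illustration: not the Chained Quiz plugin's code or its patch.
// Assumption: the server keeps a secret key; all function names are hypothetical.

/** Cookie value issued when an attempt starts: "<id>.<hex HMAC-SHA256 of id>". */
function sign_completion_id(int $id, string $key): string
{
    return $id . '.' . hash_hmac('sha256', (string) $id, $key);
}

/** Returns the completion id only if the cookie carries a valid MAC, else null. */
function verify_completion_cookie(string $cookie, string $key): ?int
{
    // Strict format: positive decimal id, a dot, 64 lowercase hex characters.
    if (!preg_match('/\A([1-9][0-9]{0,17})\.([0-9a-f]{64})\z/', $cookie, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1], $key);
    // hash_equals compares in constant time.
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null;
}

/** Handler sketch: refuse to touch any attempt the cookie does not prove. */
function handle_submission(array $cookies, string $key): string
{
    $id = verify_completion_cookie($cookies['chained_completion_id'] ?? '', $key);
    if ($id === null) {
        return 'rejected: start a new attempt';
    }
    return "accepted: update attempt $id";
}

// Constructed sample data.
$key    = random_bytes(32);
$issued = sign_completion_id(41, $key);
$mac    = explode('.', $issued)[1];

$cases = [
    'cookie as issued'       => $issued,
    'bare id, no signature'  => '42',
    'id changed, MAC reused' => '42.' . $mac,
    'cookie missing'         => null,
];
foreach ($cases as $label => $value) {
    $cookies = $value === null ? [] : ['chained_completion_id' => $value];
    echo $label, ' => ', handle_submission($cookies, $key), PHP_EOL;
}
```

For logged-in users, the same check can be tightened by also comparing the stored attempt's owner with the current user before any update.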

Added: Sep 18, 2025, 7:18 AM
Updated: Sep 18, 2025, 2:03 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 0.5
threat: 4.9
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.