6.5

CVE-2025-9637

EPSS 0.09%
Veröffentlicht 06.01.2026 09:20:58
Zuletzt bearbeitet 09.01.2026 13:25:57
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload.

Mögliche Gegenmaßnahme

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker: Update to version 10.3.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

Version *-10.3.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Expresstech ≫ Quiz And Survey Master SwPlatformwordpress Version < 10.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.266

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.wordfence.com/threat-intel/vulnerabilities/id/88a9abf4-62a9-4695-87e7-18ff0b0075e9?source=cve

Third Party Advisory

https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L281

Product

https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L1987

Product

https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/88a9abf4-62a9-4695-87e7-18ff0b0075e9

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-9637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9637

EUVD