Expresstech

Quiz And Survey Master

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2026-48867

  • EPSS 0.18%
  • Veröffentlicht 15.06.2026 20:18:55
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

7.1

CVE-2026-40787

  • EPSS 0.18%
  • Veröffentlicht 15.06.2026 20:18:23
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.

4.9

CVE-2026-6448

  • EPSS 0.35%
  • Veröffentlicht 05.06.2026 23:28:27
  • Zuletzt bearbeitet 08.06.2026 14:57:14

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplie...

5.3

CVE-2026-5797

  • EPSS 0.52%
  • Veröffentlicht 17.04.2026 06:16:30
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer te...

6.5

CVE-2026-2412

  • EPSS 0.32%
  • Veröffentlicht 23.03.2026 22:25:39
  • Zuletzt bearbeitet 24.04.2026 16:32:53

The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used i...

8.5

CVE-2025-67987

  • EPSS 0.26%
  • Veröffentlicht 20.02.2026 15:46:31
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3...

4.3

CVE-2026-25329

  • EPSS 0.19%
  • Veröffentlicht 19.02.2026 08:26:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.

5.3

CVE-2026-25324

  • EPSS 0.32%
  • Veröffentlicht 19.02.2026 08:26:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a ...

4.3

CVE-2026-24358

  • EPSS 0.15%
  • Veröffentlicht 22.01.2026 16:52:44
  • Zuletzt bearbeitet 28.04.2026 03:16:03

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.

6.5

CVE-2025-9318

  • EPSS 0.22%
  • Veröffentlicht 06.01.2026 09:20:59
  • Zuletzt bearbeitet 09.01.2026 13:24:30

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied...