Expresstech

Quiz And Survey Master

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-10679

Exploit
  • EPSS 0.08%
  • Veröffentlicht 25.03.2025 06:00:09
  • Zuletzt bearbeitet 06.05.2025 20:00:37

The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab...

4.3

CVE-2023-37984

  • EPSS 0.15%
  • Veröffentlicht 13.12.2024 15:15:18
  • Zuletzt bearbeitet 13.12.2024 15:15:18

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.

4.8

CVE-2024-8758

  • EPSS 0.27%
  • Veröffentlicht 23.09.2024 06:15:04
  • Zuletzt bearbeitet 07.10.2024 21:35:03

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab...

4.7

CVE-2024-6879

Exploit
  • EPSS 0.31%
  • Veröffentlicht 26.08.2024 06:15:04
  • Zuletzt bearbeitet 17.05.2025 02:09:38

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cro...

5.9

CVE-2024-6390

Exploit
  • EPSS 0.12%
  • Veröffentlicht 03.08.2024 06:16:29
  • Zuletzt bearbeitet 06.06.2025 16:10:55

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

5.4

CVE-2024-6025

Exploit
  • EPSS 0.26%
  • Veröffentlicht 11.07.2024 06:15:02
  • Zuletzt bearbeitet 21.11.2024 09:48:47

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks

8.8

CVE-2024-5606

Exploit
  • EPSS 0.11%
  • Veröffentlicht 02.07.2024 06:15:04
  • Zuletzt bearbeitet 21.11.2024 09:48:00

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and...

5.5

CVE-2024-4934

Exploit
  • EPSS 0.17%
  • Veröffentlicht 01.07.2024 06:15:23
  • Zuletzt bearbeitet 01.05.2025 19:37:29

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to pe...

5.3

CVE-2023-51507

  • EPSS 0.21%
  • Veröffentlicht 14.06.2024 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:38:16

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.

6.5

CVE-2024-3592

  • EPSS 0.57%
  • Veröffentlicht 07.06.2024 06:15:10
  • Zuletzt bearbeitet 21.11.2024 09:29:56

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supp...