Expresstech

Quiz And Survey Master

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-6025

Exploit
  • EPSS 0.38%
  • Veröffentlicht 11.07.2024 06:15:02
  • Zuletzt bearbeitet 21.11.2024 09:48:47

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks

8.8

CVE-2024-5606

Exploit
  • EPSS 0.59%
  • Veröffentlicht 02.07.2024 06:15:04
  • Zuletzt bearbeitet 21.11.2024 09:48:00

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and...

5.5

CVE-2024-4934

Exploit
  • EPSS 0.35%
  • Veröffentlicht 01.07.2024 06:15:23
  • Zuletzt bearbeitet 01.05.2025 19:37:29

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to pe...

5.3

CVE-2023-51507

  • EPSS 0.31%
  • Veröffentlicht 14.06.2024 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:38:16

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.

6.5

CVE-2024-3592

  • EPSS 0.48%
  • Veröffentlicht 07.06.2024 06:15:10
  • Zuletzt bearbeitet 08.04.2026 19:21:23

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supp...

5.9

CVE-2024-27966

  • EPSS 0.34%
  • Veröffentlicht 11.04.2024 01:25:06
  • Zuletzt bearbeitet 28.04.2026 19:23:35

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2.

9.3

CVE-2023-28787

  • EPSS 1.98%
  • Veröffentlicht 26.03.2024 21:15:50
  • Zuletzt bearbeitet 28.04.2026 19:20:09

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.

5.4

CVE-2023-51521

  • EPSS 0.2%
  • Veröffentlicht 16.03.2024 01:15:50
  • Zuletzt bearbeitet 28.04.2026 19:22:50

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.

8.8

CVE-2023-26524

  • EPSS 0.31%
  • Veröffentlicht 13.11.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:51:40

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions.

5.4

CVE-2023-3575

Exploit
  • EPSS 0.47%
  • Veröffentlicht 07.08.2023 15:15:11
  • Zuletzt bearbeitet 23.04.2025 17:16:38

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks