Expresstech

Quiz And Survey Master

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2024-27966

  • EPSS 0.12%
  • Veröffentlicht 11.04.2024 01:25:06
  • Zuletzt bearbeitet 21.11.2024 09:05:31

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2.

9.3

CVE-2023-28787

  • EPSS 29.45%
  • Veröffentlicht 26.03.2024 21:15:50
  • Zuletzt bearbeitet 21.11.2024 07:56:00

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.

5.4

CVE-2023-51521

  • EPSS 0.05%
  • Veröffentlicht 16.03.2024 01:15:50
  • Zuletzt bearbeitet 21.11.2024 08:38:18

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.

8.8

CVE-2023-26524

  • EPSS 0.07%
  • Veröffentlicht 13.11.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:51:40

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions.

5.4

CVE-2023-3575

Exploit
  • EPSS 0.15%
  • Veröffentlicht 07.08.2023 15:15:11
  • Zuletzt bearbeitet 23.04.2025 17:16:38

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

8.1

CVE-2023-0292

Exploit
  • EPSS 0.42%
  • Veröffentlicht 09.06.2023 06:15:49
  • Zuletzt bearbeitet 21.11.2024 07:36:54

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. ...

9.1

CVE-2023-0291

  • EPSS 0.09%
  • Veröffentlicht 09.06.2023 06:15:48
  • Zuletzt bearbeitet 21.11.2024 07:36:54

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possib...

8.8

CVE-2022-46862

  • EPSS 0.17%
  • Veröffentlicht 14.02.2023 12:15:15
  • Zuletzt bearbeitet 21.11.2024 07:31:11

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.

5.3

CVE-2022-4033

  • EPSS 0.22%
  • Veröffentlicht 29.11.2022 21:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:29

The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than ...

6.1

CVE-2022-4032

  • EPSS 1.85%
  • Veröffentlicht 29.11.2022 21:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:28

The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injec...