Expresstech

Quiz And Survey Master

51 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-0182

  • EPSS 0.39%
  • Veröffentlicht 17.01.2022 10:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:05

Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.

6.1

CVE-2022-0181

  • EPSS 0.67%
  • Veröffentlicht 17.01.2022 10:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:05

Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.

8.8

CVE-2022-0180

  • EPSS 0.16%
  • Veröffentlicht 17.01.2022 10:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:05

Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.

4.8

CVE-2021-24691

Exploit
  • EPSS 0.21%
  • Veröffentlicht 11.10.2021 11:15:09
  • Zuletzt bearbeitet 21.11.2024 05:53:34

The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capabi...

6.1

CVE-2021-20792

  • EPSS 9.54%
  • Veröffentlicht 18.08.2021 06:15:07
  • Zuletzt bearbeitet 21.11.2024 05:47:11

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

6.1

CVE-2021-24368

Exploit
  • EPSS 0.19%
  • Veröffentlicht 20.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:52:55

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This cou...

8.8

CVE-2021-24221

Exploit
  • EPSS 2.57%
  • Veröffentlicht 12.04.2021 14:15:15
  • Zuletzt bearbeitet 21.11.2024 05:52:37

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and lead...

9.9

CVE-2020-35951

Exploit
  • EPSS 58.22%
  • Veröffentlicht 01.01.2021 04:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:35

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordP...

9.8

CVE-2020-35949

Exploit
  • EPSS 10.33%
  • Veröffentlicht 01.01.2021 04:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:35

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading ...

6.5

CVE-2016-11085

Exploit
  • EPSS 0.23%
  • Veröffentlicht 16.08.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 02:45:27

php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.