Expresstech Quiz And Survey Master vulnerabilities
46 known vulnerabilities affecting expresstech/quiz_and_survey_master.
Total CVEs: 46
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 30
Vulnerabilities
Page 1 of 3
CVE-2020-35951 | P1 | CRITICAL | CVSS 9.9 | CWE-306 | PoC | fixed in 7.0.1 | 2021-01-01
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed una
nvd
CVE-2023-28787 | P2 | CRITICAL | CVSS 9.3 | CWE-89 | PoC | ≥ n/a, ≤ 8.1.4 | 2024-03-26
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4.
nvd
CVE-2020-35949 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 7.0.1 | 2021-01-01
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use
nvd
CVE-2023-0291 | P3 | CRITICAL | CVSS 9.1 | CWE-862 | ≤ 8.0.8 | 2023-06-09
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
nvd
CVE-2021-20792 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 7.1.14 | versions prior to 7.1.14 | 2021-08-18
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
nvd
CVE-2021-24221 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 7.1.12 | 2021-04-12
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, su
nvd
CVE-2024-5606 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 9.0.2 | 2024-07-02
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above.
nvd
CVE-2022-41652 | P3 | CRITICAL | CVSS 9.8 | CWE-284 | fixed in 7.3.11 | ≤ 7.3.10 | 2022-11-18
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
nvd
CVE-2021-36906 | P3 | HIGH | CVSS 8.8 | CWE-639 | ≤ 7.3.6 | 2022-11-03
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
nvd
CVE-2022-0180 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 7.3.7 | versions prior to 7.3.7 | 2022-01-17
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
nvd
CVE-2024-3592 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 9.0.2 | 2024-06-07
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for
nvd
CVE-2025-9637 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | fixed in 10.3.2 | 2026-01-06
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, privat
nvd
CVE-2025-9318 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 10.3.2 | 2026-01-06
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authe
nvd
CVE-2023-0292 | P3 | HIGH | CVSS 8.1 | CWE-352 | ≤ 8.0.8 | 2023-06-09
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request
nvd
CVE-2021-36898 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≤ 7.3.4 | 2022-10-28
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
nvd
CVE-2022-42883 | P3 | HIGH | CVSS 7.5 | CWE-200 | ≤ 7.3.10 | 2022-11-18
Sensitive Information Disclosure vulnerability discovered in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
nvd
CVE-2023-26524 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≤ 8.0.10 | 2023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions.
nvd
CVE-2022-46862 | P4 | HIGH | CVSS 8.8 | CWE-352 | fixed in 8.0.8 | 2023-02-14
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.
nvd
CVE-2026-40787 | P4 | HIGH | CVSS 7.1 | CWE-79 | ≥ n/a, ≤ 11.0.0 | 2026-06-15
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
nvd
CVE-2026-48867 | P4 | HIGH | CVSS 7.1 | CWE-79 | ≥ n/a, ≤ 11.1.2 | 2026-06-15
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
nvd