Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expresstech quiz and survey master vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2020-35951
An issue exists in the Quiz and Survey Master plugin prior to 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an malicious user to reinstall with a WordPress instance under their cont...
Expresstech Quiz And Survey Master
9.8
CVSSv3
CVE-2022-41652
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Expresstech Quiz And Survey Master
9.8
CVSSv3
CVE-2020-35949
An issue exists in the Quiz and Survey Master plugin prior to 7.0.1 for WordPress. It made it possible for unauthenticated malicious users to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type ...
Expresstech Quiz And Survey Master
9.1
CVSSv3
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated malicio...
Expresstech Quiz And Survey Master
8.8
CVSSv3
CVE-2023-26524
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions.
Expresstech Quiz And Survey Master
8.8
CVSSv3
CVE-2022-46862
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.
Expresstech Quiz And Survey Master
8.8
CVSSv3
CVE-2021-36906
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
Expresstech Quiz And Survey Master
8.8
CVSSv3
CVE-2022-0180
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions before 7.3.7 allows a remote malicious user to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
Expresstech Quiz And Survey Master
8.8
CVSSv3
CVE-2021-24221
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin prior to 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injectio...
Expresstech Quiz And Survey Master
8.1
CVSSv3
CVE-2023-0292
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for una...
Expresstech Quiz And Survey Master
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »