Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expresstech quiz and survey master vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-17599
The quiz-master-next (aka Quiz And Survey Master) plugin prior to 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an malicious user to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). T...
Expresstech Quiz And Survey Master
NA
CVE-2023-0292
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for una...
Expresstech Quiz And Survey Master
6.5
CVSSv2
CVE-2021-24221
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin prior to 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injectio...
Expresstech Quiz And Survey Master
NA
CVE-2023-3575
The Quiz And Survey Master WordPress plugin prior to 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks
Expresstech Quiz And Survey Master
6.8
CVSSv2
CVE-2022-0180
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions before 7.3.7 allows a remote malicious user to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
Expresstech Quiz And Survey Master
4.3
CVSSv2
CVE-2022-0181
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions before 7.3.7 allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Expresstech Quiz And Survey Master
3.5
CVSSv2
CVE-2022-0182
Stored cross-site scripting vulnerability in Quiz And Survey Master versions before 7.3.7 allows a remote authenticated malicious user to inject an arbitrary script via an website that uses Quiz And Survey Master.
Expresstech Quiz And Survey Master
NA
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated malicio...
Expresstech Quiz And Survey Master
3.5
CVSSv2
CVE-2021-24691
The Quiz And Survey Master WordPress plugin prior to 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Expresstech Quiz And Survey Master
4.3
CVSSv2
CVE-2021-24368
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin prior to 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege...
Expresstech Quiz And Survey Master
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »