Lucene search
+L

2640 matches found

Nuclei
Nuclei
added 10 hours ago27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS9AI score0.0196EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago72 views

WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting

WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in...

6.1CVSS6.1AI score0.01252EPSS
Exploits3References5
NVD
NVD
added yesterday7 views

CVE-2026-13765

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the checkanswer. This makes it possible for unauthenticated attackers to extract the correct-answer markers...

7.5CVSS0.00388EPSS
Exploits0References14
EUVD
EUVD
added yesterday6 views

EUVD-2026-45137

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the checkanswer. This makes it possible for unauthenticated attackers to extract the correct-answer markers...

7.5CVSS6AI score0.00388EPSS
Exploits0References14
CVE
CVE
added yesterday12 views

CVE-2026-13765

The CVE-2026-13765 entry concerns the LearnPress WordPress LMS Plugin (versions up to 4.4.1). The connected document indicates a root cause of Inadequate access control in REST endpoints, specifically /lp/v1/users/check-answer and /start-quiz, leading to unauthenticated Sensitive Information Expo...

7.5CVSS6AI score0.00388EPSS
Exploits0References14
Cvelist
Cvelist
added yesterday28 views

CVE-2026-13765 LearnPress <= 4.4.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via /lp/v1/users/check-answer and /start-quiz REST Endpoints

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the checkanswer. This makes it possible for unauthenticated attackers to extract the correct-answer markers...

7.5CVSS0.00388EPSS
Exploits0References14
NVD
NVD
added 2 days ago8 views

CVE-2026-15022

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00341EPSS
Exploits0References13
NVD
NVD
added 2 days ago7 views

CVE-2026-13767

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS0.00249EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44888

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00341EPSS
Exploits0References13
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15022 Tutor LMS <= 4.0.0 - Authenticated (Subscriber+) SQL Injection via Stored Quiz Answer Array

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00341EPSS
Exploits0References13
CVE
CVE
added 2 days ago7 views

CVE-2026-15022

The CVE covers Tutor LMS (WordPress) up to version 4.0.0, where a generic SQL Injection via Stored Quiz Answer Array exists due to insufficient escaping and improper query preparation. The vulnerability is stored at quiz-attempt time (wp_ajax_tutor_quiz_abandon) and only executes when a privilege...

6.5CVSS6.1AI score0.00341EPSS
Exploits0References13
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44885

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-13767

CVE-2026-13767 affects the Quiz Master Next WordPress plugin up to version 11.2.0. The issue is a stored SQL injection in the quiz page data via the ‘pages’ parameter, persisted by qsm_ajax_save_pages() and interpolated into an IN() clause in qsm_options_questions_tab_content() without proper pre...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS0.00249EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

6.1AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-12271 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Quiz Attempt Modification via IDOR

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

0.0017EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-12271

The CVE describes a vulnerability in the Tutor LMS WordPress plugin prior to 3.9.13 where the system does not verify ownership of the targeted quiz attempt before writing to it. This allows authenticated users with subscriber-level access and above to modify and force-complete other students’ qui...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/05 5:0 a.m.42 views

CVE-2026-14706 code-projects Online Examination Quiz Creation Feature update.php sql injection

A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...

6.5CVSS0.002EPSS
Exploits0References6
Rows per page
Query Builder