356 matches found
CVE-2026-9230
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress
WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Quiz Modification and Email Reroute vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Quiz Modification and Email Reroute vulnerability discovered by Kirasec in WordPress Plugin Quiz And Survey Master versions = 11.1.4...
EUVD-2026-39952
The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-9233
CVE-2026-9233 affects the WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker up to version 11.1.4 . The root cause is an authorization bypass in the AJAX action qsm_insert_quiz_template , allowing authenticated users with contributor-level access and above to create, modif...
EUVD-2026-36990
Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...
CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...
CVE-2026-40787
The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...
CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...
PT-2026-49476
Name of the Vulnerable Software and Affected Versions Quiz And Survey Master versions prior to 11.1.3 Description Unauthenticated Cross Site Scripting XSS exists in the software, allowing an attacker to execute malicious scripts in the victim's browser without requiring authentication...
WordPress plugin Quiz and Survey Master SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jakub Herman in WordPress Plugin Quiz And Survey Master versions = 11.0.0...
CVE-2026-5797
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...
CVE-2026-5797 Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...
CVE-2026-5797
The CVE-2026-5797 issue affects the WordPress plugin Quiz And Survey Master (QSM) up to version 11.1.0 . The vulnerability stems from insufficient input sanitization of user-submitted quiz answer text and the plugin calling do_shortcode() on the entire results page output, including answers. Sinc...
WordPress Quiz and Survey Master (QSM) plugin <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability
Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Quiz And Survey Master versions = 10.1.0...
PT-2026-33411
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do shortcode on user-submitted quiz answer text. User-submitted answers pass through sanitize...
CVE-2026-2412
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
CVE-2025-67987
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...
CVE-2025-67987 WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...
CVE-2025-67987
CVE-2025-67987 affects the WordPress plugin Quiz and Survey Master (quiz-master-next)