CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.6AI score0.32072EPSS

Exploits0References3

EUVD•added 2026/04/17 6:31 a.m.•2 views

EUVD-2026-23373

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS6AI score0.00065EPSS

Exploits0References11

Cvelist•added 2026/04/17 5:29 a.m.•24 views

CVE-2026-5797 Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields

5.3CVSS0.00065EPSS

Exploits0References10

Patchstack•added 2026/03/24 4:49 p.m.•3 views

WordPress Quiz and Survey Master (QSM) plugin <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'mergedquestion' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Quiz And Survey Master versions = 10.3.5...

6.5CVSS5.9AI score0.00015EPSS

Exploits0References1Affected Software1

CVE•added 2026/03/23 10:25 p.m.•3 views

CVE-2026-2412

The CVE-2026-2412 entry documents a SQL Injection vulnerability in the WordPress plugin “Quiz and Survey Master (QSM)” up to version 10.3.5. The root cause is insufficient sanitization of the merged_question parameter: sanitize_text_field() does not block SQL metacharacters, which are directly co...

6.5CVSS5.9AI score0.00015EPSS

Exploits0References5

Vulnrichment•added 2026/03/23 10:25 p.m.•0 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00015EPSS

Exploits0References5

Cvelist•added 2026/03/23 10:25 p.m.•25 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

6.5CVSS0.00015EPSS

Exploits0References5

ATTACKERKB•added 2026/03/23 10:25 p.m.•0 views

CVE-2026-2412

6.5CVSS5.9AI score0.00015EPSS

Exploits0References6

CNNVD•added 2026/03/23 12:0 a.m.•2 views

WordPress plugin Quiz and Survey Master SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00015EPSS

Exploits0References5

RedhatCVE•added 2026/02/21 7:30 p.m.•1 views

CVE-2025-67987

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

8.5CVSS5.8AI score0.00044EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•3 views

CVE-2025-67987

8.5CVSS0.00044EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 3:46 p.m.•3 views

CVE-2025-67987 WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability

8.5CVSS5.7AI score0.00044EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•18 views

CVE-2025-67987 WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability

8.5CVSS0.00044EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 1:27 p.m.•3 views

CVE-2026-25329

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through = 10.3.4...

4.3CVSS5.5AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 1:26 p.m.•0 views

CVE-2026-25324

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through = 10.3.4...

5.3CVSS5.5AI score0.00042EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•1 views

CVE-2026-25329

4.3CVSS0.00039EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•1 views

CVE-2026-25324

5.3CVSS0.00042EPSS

Exploits0References1

Vulnrichment•added 2026/02/19 8:26 a.m.•1 views

CVE-2026-25324 WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability