EUVD-2021-11281

Malware in sbrugna...

CVE-2020-35951

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurre...

CVE-2023-47834 WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ExpressTech Quiz And Survey Master plugin = 8.1.13 versions...

CVE-2023-0292

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...

CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...

WordPress Plugin ExpressTech Quiz And Survey Master 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2022-4032

The CVE-2022-4032 entry concerns the WordPress plugin Quiz and Survey Master. Affected versions are up to and including 8.0.4. The root cause is insufficient input sanitization and output escaping for the question[id] parameter, allowing unauthenticated attackers to inject iframe tags into pages....

CVE-2022-40698

Auth. subscriber+ Cross-Site Scripting XSS vulnerability in Quiz And Survey Master plugin = 7.3.10 on WordPress...

CVE-2022-42883

CVE-2022-42883 describes a sensitive information disclosure in the WordPress plugin Quiz And Survey Master for versions prior to 7.3.11 (up to 7.3.10). The vulnerability affects the plugin’s handling of data and could reveal sensitive information. The practical impact and exact root cause are not...

CVE-2022-41652

Bypass vulnerability in Quiz And Survey Master plugin = 7.3.10 on WordPress...

CVE-2022-41652

CVE-2022-41652 affects the WordPress Quiz And Survey Master plugin up to version 7.3.10, described as a bypass vulnerability. Public sources consistently refer to a bypass of security controls in this plugin version. Impact details in the connected records indicate potential effects on confidenti...

CVE-2021-36906 WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities in ExpressTech Quiz And Survey Master plugin = 7.3.6 on WordPress...

WordPress Quiz And Survey Master SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2021-36864

Summary of CVE-2021-36864 : Affected product is the WordPress plugin “Quiz And Survey Master” (aka ExpressTech Quiz And Survey Master)

CVE-2021-36863 WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in ExpressTech Quiz And Survey Master plugin = 7.3.4 on WordPress...

WordPress Quiz And Survey Master plugin <= 7.3.10 - Bypass vulnerability

Bypass vulnerability discovered by Thura Moe Myint Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

Spoofing

Insecure direct object references IDOR vulnerability in ExpressTech Quiz And Survey Master plugin = 7.3.4 at WordPress allows attackers to change the content of the quiz...

WordPress Quiz And Survey Master plugin CVE-2019-9575

Description The Quiz And Survey Master WordPress plugin is vulnerable to reflected XSS as it echoes the quizid parameter without proper encoding. Successful exploitation allows an attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enable...

CVE-2019-9575

The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlwquizresults quizid XSS...