WordPress plugin LearnPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

CVE-2025-9294 Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

CVE-2025-9294 Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

PT-2026-1427

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions through 10.3.1 Description The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized data loss. This...

CVE-2024-5438

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

Quiz And Survey Master < 8.1.19 - Multiple Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.1.18. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to show disabled contact fields and delete quiz results...

SUSE CVE-2010-2231

Cross-site request forgery CSRF vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter...

Cross site request forgery (csrf)

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request...

CVE-2020-36504

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog...

CVE-2010-2231

Moodle vulnerability CVE-2010-2231 is a CSRF in the quiz module (report/overview/report.php). Affects Moodle versions before 1.8.13 and 1.9.x before 1.9.9. The flaw allows remote attackers to hijack the authentication of arbitrary users to issue requests that delete quiz attempts via the attempti...