5 matches found
CVE-2026-2412
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
WordPress Quiz and Survey Master (QSM) plugin <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability
Authenticated Contributor+ SQL Injection via 'mergedquestion' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Quiz And Survey Master versions = 10.3.5...
CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
PT-2026-27249
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'merged question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize text field function...