7 matches found

Cvelist
added 3 days ago, 31 views

CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS: 4.3, EPSS: 0.00272
Exploits: 0, References: 12
NVD
added 2024/09/23 6:15 a.m., 16 views

CVE-2024-8758

The Quiz and Survey Master QSM WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS: 4.8, EPSS: 0.00363
Exploits: 0, References: 1
NVD
added 2024/08/26 6:15 a.m., 11 views

CVE-2024-6879

The Quiz and Survey Master QSM WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks...

CVSS: 4.7, EPSS: 0.00411
Exploits: 1, References: 1
CVE
added 2024/08/03 6:0 a.m., 27 views

CVE-2024-6390

The CVE-2024-6390 issue affects the WordPress plugin "Quiz and Survey Master (QSM)" prior to version 9.1.0. The vulnerability arises from insufficient sanitization/escaping of certain Quiz settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., Contributors). Th...

CVSS: 5.9, AI score: 5.5, EPSS: 0.0031
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2024/08/03 6:0 a.m., 14 views

CVE-2024-6390 Quiz and Survey Master (QSM) < 9.1.0 - Contributor+ Stored XSS

The Quiz and Survey Master QSM WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quiz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

AI score: 5.3, EPSS: 0.0031
Exploits: 1, References: 1
CVE
added 2024/07/02 6:0 a.m., 68 views

CVE-2024-5606

The CVE-2024-5606 entry concerns the WordPress plugin Quiz And Survey Master (QSM) prior to version 9.0.2. A SQL injection affects the qsm_bulk_delete_question_from_database AJAX action due to lack of validation/escaping for the question_id parameter. Public details in connected sources (e.g., Pa...

CVSS: 8.8, AI score: 9, EPSS: 0.00591
Exploits: 2, References: 1, Affected Software: 1
NVD
added 2024/07/01 6:15 a.m., 19 views

CVE-2024-4934

The Quiz and Survey Master QSM WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS: 5.5, EPSS: 0.00351
Exploits: 2, References: 1