6 matches found
CVE-2024-8758
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-6879
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks...
CVE-2024-6390 Quiz and Survey Master (QSM) < 9.1.0 - Contributor+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quiz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-6390
The CVE-2024-6390 issue affects the WordPress plugin "Quiz and Survey Master (QSM)" prior to version 9.1.0. The vulnerability arises from insufficient sanitization/escaping of certain Quiz settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., Contributors). Th...
CVE-2024-5606
The CVE-2024-5606 entry concerns the WordPress plugin Quiz And Survey Master (QSM) prior to version 9.0.2. A SQL injection affects the qsm_bulk_delete_question_from_database AJAX action due to lack of validation/escaping for the question_id parameter. Public details in connected sources (e.g., Pa...
CVE-2024-4934
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...