Lucene search
K

2625 matches found

Nuclei
Nuclei
added 13 hours ago27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.2AI score0.01977EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago72 views

WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting

WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in...

6.1CVSS6.3AI score0.01252EPSS
Exploits3References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.00132EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-12271 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Quiz Attempt Modification via IDOR

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

0.00132EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-12271

The CVE describes a vulnerability in the Tutor LMS WordPress plugin prior to 3.9.13 where the system does not verify ownership of the targeted quiz attempt before writing to it. This allows authenticated users with subscriber-level access and above to modify and force-complete other students’ qui...

5.4CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/05 5:0 a.m.39 views

CVE-2026-14706 code-projects Online Examination Quiz Creation Feature update.php sql injection

A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 5:0 a.m.10 views

EUVD-2026-41727

A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 5:0 a.m.18 views

CVE-2026-14706

CVE-2026-14706 affects code-projects Online Examination 1.0, specifically the Quiz Creation Feature via /update.php?q=addquiz. The issue arises from manipulation of arguments name/total/right/wrong/time/tag/desc, leading to SQL injection. Remote attack possible; exploit publicly available (exploi...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.12 views

PT-2026-55767

Name of the Vulnerable Software and Affected Versions code-projects Online Examination version 1.0 Description An issue exists in the Quiz Creation Feature within the file /update.php?q=addquiz. Remote attackers can perform SQL injection, a technique used to manipulate database queries, by...

6.5CVSS6.7AI score0.002EPSS
Exploits0References12
OSV
OSV
added 2026/07/03 1:33 p.m.3 views

MINI-QG3G-4F29-FG5H

Bulletin has no description...

7.5CVSS5.9AI score0.00394EPSS
Exploits0
NVD
NVD
added 2026/07/03 8:16 a.m.10 views

CVE-2026-9230

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00312EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/07/03 6:50 a.m.40 views

CVE-2026-9230 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Quiz Modification and Email Reroute via Leaked Nonce from /quiz/structure

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00312EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.5 views

CVE-2026-9230

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00312EPSS
Exploits0References15
EUVD
EUVD
added 2026/07/03 6:50 a.m.7 views

EUVD-2026-41513

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00312EPSS
Exploits0References14
CVE
CVE
added 2026/07/03 6:50 a.m.14 views

CVE-2026-9230

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress

4.3CVSS6AI score0.00312EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55509

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attacker...

4.3CVSS5.8AI score0.00312EPSS
Exploits0References19
Patchstack
Patchstack
added 2026/07/02 6:30 p.m.6 views

WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Quiz Modification and Email Reroute vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Quiz Modification and Email Reroute vulnerability discovered by Kirasec in WordPress Plugin Quiz And Survey Master versions = 11.1.4...

4.3CVSS5.9AI score0.00312EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/27 8:16 a.m.13 views

CVE-2026-9233

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.33 views

CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References12
Rows per page
Query Builder