Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

87 matches found

Nuclei
Nucleiadded yesterday18 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS8.2AI score0.32072EPSS
Exploits0References3
NVD
NVDadded 5 days ago8 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS0.00039EPSS
Exploits0References12
Patchstack
Patchstackadded 6 days ago5 views

WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.2 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Quiz And Survey Master versions = 11.1.2...

4.9CVSS5.7AI score0.00039EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 6 days ago10 views

PT-2026-47068

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.3 Description The plugin is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and determines the...

4.9CVSS5.6AI score0.00039EPSS
Exploits0References15
EUVD
EUVDadded 2026/04/17 6:31 a.m.2 views

EUVD-2026-23373

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS6AI score0.00065EPSS
Exploits0References11
Cvelist
Cvelistadded 2026/04/17 5:29 a.m.25 views

CVE-2026-5797 Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS0.00065EPSS
Exploits0References10
Patchstack
Patchstackadded 2026/03/24 4:49 p.m.4 views

WordPress Quiz and Survey Master (QSM) plugin <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'mergedquestion' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Quiz And Survey Master versions = 10.3.5...

6.5CVSS5.9AI score0.00015EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2026/03/23 10:25 p.m.7 views

CVE-2026-2412

The CVE-2026-2412 entry documents a SQL Injection vulnerability in the WordPress plugin “Quiz and Survey Master (QSM)” up to version 10.3.5. The root cause is insufficient sanitization of the merged_question parameter: sanitize_text_field() does not block SQL metacharacters, which are directly co...

6.5CVSS5.9AI score0.00015EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/23 10:25 p.m.0 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00015EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/23 10:25 p.m.26 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS0.00015EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/23 10:25 p.m.0 views

CVE-2026-2412

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00015EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/03/23 12:0 a.m.4 views

WordPress plugin Quiz and Survey Master SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00015EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/02/21 7:30 p.m.4 views

CVE-2025-67987

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

8.5CVSS5.8AI score0.00044EPSS
Exploits0References1
NVD
NVDadded 2026/02/20 4:22 p.m.4 views

CVE-2025-67987

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

8.5CVSS0.00044EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/20 3:46 p.m.3 views

CVE-2025-67987 WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

8.5CVSS5.7AI score0.00044EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/20 3:46 p.m.20 views

CVE-2025-67987 WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

8.5CVSS0.00044EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/02/20 1:27 p.m.4 views

CVE-2026-25329

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through = 10.3.4...

4.3CVSS5.5AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/02/20 1:26 p.m.2 views

CVE-2026-25324

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through = 10.3.4...

5.3CVSS5.5AI score0.00042EPSS
Exploits0References1
NVD
NVDadded 2026/02/19 9:16 a.m.2 views

CVE-2026-25329

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through = 10.3.4...

4.3CVSS0.00039EPSS
Exploits0References1
NVD
NVDadded 2026/02/19 9:16 a.m.2 views

CVE-2026-25324

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through = 10.3.4...

5.3CVSS0.00042EPSS
Exploits0References1
Rows per page
Query Builder