WordPress Quiz and Survey Master (QSM) plugin <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'mergedquestion' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Quiz And Survey Master versions = 10.3.5...

WordPress plugin Quiz and Survey Master SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-9318 Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘islinking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2025-9294

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...

CVE-2025-63054

CVE-2025-63054 is a Missing Authorization issue in WordPress plugin Quiz And Survey Master (QSM) – Quiz Master Next. The vulnerability arises from incorrectly configured access control, enabling unauthorized access due to insufficient authorization checks. Affected software: Quiz And Survey Maste...

CVE-2021-36906

Multiple Insecure Direct Object References IDOR vulnerabilities in ExpressTech Quiz And Survey Master plugin = 7.3.6 on WordPress...