7 matches found
CVE-2025-9294
The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsmdashboarddeleteresult function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers,...
WordPress Tripetto plugin <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Results Deletion vulnerability discovered by Duc Manh in WordPress Plugin WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto versions = 8.0.9...
CVE-2025-1530 Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site...
WordPress NPS computy plugin < 2.7.6 - Results Deletion via CSRF vulnerability
Results Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin NPS computy versions 2.7.6...
NPS computy < 2.7.6 - Results Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make a logged in admin open the following: The result is that all existing poll responses are deleted...
NPS computy < 2.7.6 - Results Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open the following: The result is that all existing poll responses are deleted...
CVE-2013-4500
CVE-2013-4500 concerns the Drupal Quiz module (6.x-4.x) prior to 6.x-4.5. The root cause is insufficient access control: remote authenticated users with either "view any quiz results" or "view results for own quiz" permissions can delete arbitrary results via the delete option. Impact is denial o...