3942 matches found

Cvelist
added 2023/06/09 5:33 a.m. | 26 views

CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attacker...

CVSS: 5.4 | AI score: 8 | EPSS: 0.00791
Exploits: 4 | References: 4
CVE
added 2023/06/09 5:33 a.m. | 67 views

CVE-2023-0291

CVE-2023-0291 affects the WordPress plugin Quiz And Survey Master (versions up to and including 8.0.8). The issue is a missing capability check in the function tied to the qsm_remove_file_fd_question AJAX action, enabling unauthenticated attackers to delete arbitrary media files. Connected source...

CVSS: 9.1 | AI score: 9 | EPSS: 0.02034
Exploits: 5 | References: 4 | Affected Software: 1
CNNVD
added 2023/06/09 12:00 a.m. | 10 views

WordPress Plugin Quiz And Survey Master cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS: 8.1 | AI score: 8 | EPSS: 0.00791
Exploits: 4 | References: 5
CNNVD
added 2023/06/09 12:00 a.m. | 11 views

WordPress Plugin Quiz And Survey Master security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 9.1 | AI score: 8.4 | EPSS: 0.02034
Exploits: 5 | References: 5
OSV
added 2023/06/05 2:15 p.m. | 3 views

CVE-2023-2572

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS: 6.1 | AI score: 6.8
Exploits: 0 | References: 1
Prion
added 2023/06/05 2:15 p.m. | 20 views

Cross site scripting

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS: 5.8 | AI score: 6 | EPSS: 0.00458
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/06/05 1:38 p.m. | 8 views

CVE-2023-2572 Survey Maker < 3.4.7 - Reflected XSS

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score: 6 | EPSS: 0.00458
Exploits: 1 | References: 1
Cvelist
added 2023/06/05 1:38 p.m. | 23 views

CVE-2023-2572 Survey Maker < 3.4.7 - Reflected XSS

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score: 6.2 | EPSS: 0.00458
Exploits: 1 | References: 1
The Hacker News
added 2023/06/05 11:55 a.m. | 4 views

The Annual Report: 2024 Plans and Priorities for SaaS Security

Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps as seen in figures 1 and 2. --- Figure 1. How many organizations have experienced a SaaS security...

AI score: 6.5
Exploits: 0
Positive Technologies
added 2023/06/05 12:00 a.m. | 4 views

PT-2023-20272 · WordPress · Survey Maker

Name of the Vulnerable Software and Affected Versions: Survey Maker WordPress plugin versions prior to 3.4.7. Description: The issue concerns Reflected Cross-Site Scripting, where some parameters are not properly escaped before being outputted back in attributes. This could be exploited against...

CVSS: 6.1 | AI score: 9.4 | EPSS: 0.00458
Exploits: 1 | References: 4
CNNVD
added 2023/06/05 12:00 a.m. | 3 views

WordPress plugin Survey Maker cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00458
Exploits: 1 | References: 2
The Hacker News
added 2023/06/03 8:10 a.m. | 33 views

Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2023/06/01 6:52 p.m. | 51 views

Private APIs at Risk: Q1-2023 API ThreatStats™ Report

According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big blind spot in your API security...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.15729
Exploits: 0
Huntr
added 2023/05/30 3:24 a.m. | 9 views

Stored XSS in End page

Description: Allows a user who only has the authority to create surveys, not the administrator, to bypass validation and embed javascript schemes when creating surveys. Step to reproduce: - Login as administrator 1. Open User management and Create a user with create surveys only permissions. 1. Logout...

AI score: 6.9
Exploits: 0
Tenable Nessus
added 2023/05/11 12:00 a.m. | 12 views

Novi Survey Detection

Binary data novisurveydetect.nbin...

AI score: 7.3
Exploits: 0 | References: 1
Rapid7 Blog
added 2023/05/10 2:00 p.m. | 22 views

The Velociraptor 2023 Annual Community Survey

By Dr. Mike Cohen & Carlos Canto. Velociraptor is an open-source project led and shaped by the community. Over the years, Velociraptor has become a real force in the field of DFIR, making it an obvious choice for many operational situations. Rapid7 is committed to continue making Velociraptor the...

AI score: 6.7
Exploits: 0
BDU FSTEC
added 2023/04/25 12:00 a.m. | 3 views

A vulnerability in Novi Survey's software for conducting surveys, related to the restoration of unreliable data in memory, allows a perpetrator to execute arbitrary code.

The vulnerability in Novi Survey's software for conducting surveys is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 10 | AI score: 8.4 | EPSS: 0.0269
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2023/04/18 12:00 a.m. | 4 views

PT-2023-21962

Name of the Vulnerable Software and Affected Versions: ExpressTech Quiz And Survey Master versions through 8.1.4. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...

CVSS: 9.3 | AI score: 8 | EPSS: 0.01977
Exploits: 0 | References: 5
CISA
added 2023/04/17 12:00 p.m. | 4 views

CISA and CESER Releases Software Bill of Materials (SBOM) Sharing Lifecycle Report

CISA and the U.S. Department of Energy (DOE) Cybersecurity, Energy Security, and Emergency Response (CESER) have released the SBOM Sharing Lifecycle Report to the cybersecurity and supply chain community. The purpose of this report is to enumerate and describe the different parties and phases of the...

AI score: 7.2
Exploits: 0 | References: 4
Patchstack
added 2023/04/16 12:00 a.m. | 16 views

WordPress Quiz And Survey Master Plugin <= 8.1.4 is vulnerable to SQL Injection

Software: Quiz And Survey Master | Type: Plugin | Vulnerable versions: <= 8.1.4 | Fixed in: 8.1.5 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-28787 | Patch priority: High | CVSS severity: High 9.3 | Developer: Claim ownership | PSID: 34ea65c01c78 | Credits: Rafie Muhammad Patchstack | Required...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.01977
Exploits: 0 | References: 2 | Affected Software: 1