WordPress plugin Survey & Poll SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-39516

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

If a fake moustache can fool age checks, is the Online Safety Act working?

A report based on a survey by the UK’s Internet Matters shows that much of the responsibility for managing the online safety of children still falls on families. The Online Safety Act came into effect in July, 2025, and the report explores what has changed in the online lives of UK families since...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: wcn36xx – Fix the memory allocation size for channel survey. KASAN reported a memory allocation issue in wcn-chansurvey, due to incorrect size calculations. This commit uses kcalloc to allocate memory for wcn-chansurvey,...

CVE-2026-7510

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been...

CVE-2026-7510 OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been...

CVE-2026-7510

The CVE-2026-7510 entry concerns OWAP DefectDojo up to 2.55.4, with an authorization bypass affecting the Benchmark/Engagement/Product/Survey functionality. The issue is reachable remotely and is supported by a public disclosure; upgrading to DefectDojo 2.56.0 addresses the vulnerability (patch e...

CVE-2026-7510 OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been...

DefectDojo 授权问题漏洞

DefectDojo is an application security and vulnerability management tool developed by DefectDojo. Versions of DefectDojo 2.55.4 and earlier contained a vulnerability related to authorization. This vulnerability stemmed from unknown functions within the Benchmark/Engagement/Product/Survey component...

PT-2026-36213

Name of the Vulnerable Software and Affected Versions OWAP DefectDojo versions prior to 2.56.0 Description An issue exists in the Benchmark, Engagement, Product, and Survey components where a manipulation can lead to a remote authorization bypass, allowing an attacker to circumvent access control...

WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jakub Herman in WordPress Plugin Quiz And Survey Master versions = 11.0.0...

CVE-2026-5797

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

CVE-2026-5797

The CVE-2026-5797 issue affects the WordPress plugin Quiz And Survey Master (QSM) up to version 11.1.0 . The vulnerability stems from insufficient input sanitization of user-submitted quiz answer text and the plugin calling do_shortcode() on the entire results page output, including answers. Sinc...

CVE-2026-5797 Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

WordPress Quiz and Survey Master (QSM) plugin <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability

Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Quiz And Survey Master versions = 10.1.0...

PT-2026-33411

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do shortcode on user-submitted quiz answer text. User-submitted answers pass through sanitize...

CVE-2026-35403

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...