CVE-2024-3592

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'questionid' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

CVE-2024-3592

CVE-2024-3592 (Quiz and Survey Master for WordPress) is confirmed as a valid SQL Injection vulnerability in all versions up to 9.0.1, caused by insufficient escaping and improper query construction on the question_id parameter. Exploitation requires authenticated access at contributor level or hi...

CVE-2024-3592 Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'questionid' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

WordPress Quiz And Survey Master plugin <= 9.0.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Quiz And Survey Master versions = 9.0.1...

WordPress plugin Quiz And Survey Master Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress Quiz And Survey Master Plugin <= 9.0.1 is vulnerable to SQL Injection

Software Quiz And Survey Master Type Plugin Vulnerable versions = 9.0.1 Fixed in 9.0.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3592 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 26d19aa78d42 Credits Lucio Sá Required privilege Contributor...

PT-2024-26781 · WordPress · The Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress versions up to, and including, 9.0.1 Description: The issue is related to SQL Injection via the question id parameter due to insufficient escaping on the user-suppli...

This Week in Spring - June 4th, 2024

Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from dooing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...

Cross Site Scripting (XSS)

survey-core is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient sanitization of the imageLink property in questionimage.ts, which allows an attacker to execute malicious scripts via setting contentMode=youtube...

CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

CVE-2024-4157

CVE-2024-4157 covers a PHP Object Injection vulnerability in the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” All versions up to and including 5.1.15 are affected via deserialization in the extractDynamicValues function. Exploitation re...

WordPress Survey Maker plugin < 4.2.9 - Admin+ Stored XSS via Plugin Settings vulnerability

Admin+ Stored XSS via Plugin Settings vulnerability discovered by Krugov Artyom in WordPress Plugin Survey Maker versions 4.2.9...

CVE-2024-4061

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4061

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4061 Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Plugin Survey Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Survey Maker Plugin < 4.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Survey Maker Type Plugin Vulnerable versions 4.2.9 Fixed in 4.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4061 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fc4ec154ec6c Credits Krugov Artyom Required...

PT-2024-28942 · WordPress · Survey Maker

Name of the Vulnerable Software and Affected Versions: The Survey Maker WordPress plugin versions prior to 4.2.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example,...

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...