CVE-2025-6790
The CVE concerns WordPress plugin Quiz and Survey Master (QSM) versions before 10.2.3. The root cause is lack of CSRF protection when updating plugin settings, which could allow a logged-in admin to have settings modified via CSRF. The vulnerability is identified across multiple sources with a CV...