Latest expresstech quiz and survey master Vulnerabilities

CVE-2023-26524
WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
Expresstech Quiz And Survey Master<=8.0.10
CVE-2023-3575
The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Sit...
Expresstech Quiz And Survey Master<8.1.11
CVE-2023-0292
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated ...
Expresstech Quiz And Survey Master<=8.0.8
CVE-2023-0291
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions...
Expresstech Quiz And Survey Master<=8.0.8
CVE-2022-46862
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.
Expresstech Quiz And Survey Master<8.0.8
CVE-2022-4032
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and ou...
Expresstech Quiz And Survey Master<=8.0.4
CVE-2022-4033
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation t...
Expresstech Quiz And Survey Master<=8.0.4
CVE-2022-42883
Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Expresstech Quiz And Survey Master<=7.3.10
CVE-2022-40698
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Expresstech Quiz And Survey Master<7.3.11
CVE-2022-41652
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Expresstech Quiz And Survey Master<7.3.11
CVE-2021-36905
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Expresstech Quiz And Survey Master<7.3.5
CVE-2021-36906
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
Expresstech Quiz And Survey Master<=7.3.6
CVE-2021-36898
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Expresstech Quiz And Survey Master<=7.3.4
CVE-2021-36864
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Expresstech Quiz And Survey Master<=7.3.4
CVE-2021-36863
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Expresstech Quiz And Survey Master<=7.3.4
CVE-2022-0182
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Surve...
Expresstech Quiz And Survey Master<7.3.7
CVE-2022-0180
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operatio...
Expresstech Quiz And Survey Master<7.3.7
CVE-2022-0181
Expresstech Quiz And Survey Master<7.3.7
CVE-2021-24691
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scri...
Expresstech Quiz And Survey Master<7.3.2
CVE-2021-20792
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
Expresstech Quiz And Survey Master<7.1.14
CVE-2021-24368
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading...
Expresstech Quiz And Survey Master<7.1.18
CVE-2021-24221
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id att...
Expresstech Quiz And Survey Master<7.1.12
CVE-2020-35951
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offli...
Expresstech Quiz And Survey Master<7.0.1
CVE-2016-11085
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishand...
Expresstech Quiz And Survey Master<4.7.9
CVE-2019-17599
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScri...
Expresstech Quiz And Survey Master<6.3.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203