Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Quiz_and_survey_master
(Expresstech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-09 | CVE-2023-0292 | The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | Quiz_and_survey_master | 8.1 | ||
| 2023-08-07 | CVE-2023-3575 | The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | Quiz_and_survey_master | 5.4 | ||
| 2022-11-17 | CVE-2021-36905 | Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | Quiz_and_survey_master | 5.4 | ||
| 2022-11-18 | CVE-2022-42883 | Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. | Quiz_and_survey_master | 7.5 | ||
| 2022-11-18 | CVE-2022-41652 | Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | Quiz_and_survey_master | 9.8 | ||
| 2022-11-18 | CVE-2022-40698 | Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | Quiz_and_survey_master | 6.1 | ||
| 2022-11-03 | CVE-2021-36906 | Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | Quiz_and_survey_master | 8.8 | ||
| 2022-10-28 | CVE-2021-36864 | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | Quiz_and_survey_master | 5.4 | ||
| 2022-10-28 | CVE-2021-36898 | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | Quiz_and_survey_master | 7.2 | ||
| 2022-10-28 | CVE-2021-36863 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | Quiz_and_survey_master | 5.4 |