Expresstech Quiz_and_survey_master

38 CVEs affecting Expresstech Quiz_and_survey_master. Latest disclosed: 2026-01-06. Critical: 3, High: 6.

Top CVEs affecting Expresstech Quiz_and_survey_master
CVESeverityScorePublishedSummary
CVE-2020-35949Critical10.02021-01-01An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary…
CVE-2024-3592Critical9.92024-06-07The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' paramete…
CVE-2020-35951Critical9.92021-01-01An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file…
CVE-2024-5606High8.82024-07-02The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_que…
CVE-2022-0180High8.82022-01-17Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of admi…
CVE-2021-24221High8.82021-04-12The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with th…
CVE-2021-36898High7.52022-10-28Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2023-0291High7.22023-06-09The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove…
CVE-2022-4032High7.22022-11-29The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due…
CVE-2025-9637Medium6.52026-01-06The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missi…
CVE-2025-9318Medium6.52026-01-06The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in…
CVE-2022-41652Medium6.52022-11-18Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2016-11085Medium6.52020-08-16php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name param…
CVE-2024-10679Medium6.12025-03-25The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2022-0181Medium6.12022-01-17Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspe…
CVE-2021-20792Medium6.12021-08-18Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vecto…
CVE-2021-24368Medium6.12021-06-20The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displayin…
CVE-2019-17599Medium6.12019-12-13The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attack…
CVE-2024-6390Medium5.92024-08-03The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privil…
CVE-2024-4934Medium5.52024-07-01The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post…