Expresstech Quiz_and_survey_master
38 CVEs affecting Expresstech Quiz_and_survey_master. Latest disclosed: 2026-01-06. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-35949 | Critical | 10.0 | 2021-01-01 | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary… |
CVE-2024-3592 | Critical | 9.9 | 2024-06-07 | The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' paramete… |
CVE-2020-35951 | Critical | 9.9 | 2021-01-01 | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file… |
CVE-2024-5606 | High | 8.8 | 2024-07-02 | The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_que… |
CVE-2022-0180 | High | 8.8 | 2022-01-17 | Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of admi… |
CVE-2021-24221 | High | 8.8 | 2021-04-12 | The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with th… |
CVE-2021-36898 | High | 7.5 | 2022-10-28 | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
CVE-2023-0291 | High | 7.2 | 2023-06-09 | The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove… |
CVE-2022-4032 | High | 7.2 | 2022-11-29 | The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due… |
CVE-2025-9637 | Medium | 6.5 | 2026-01-06 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missi… |
CVE-2025-9318 | Medium | 6.5 | 2026-01-06 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in… |
CVE-2022-41652 | Medium | 6.5 | 2022-11-18 | Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. |
CVE-2016-11085 | Medium | 6.5 | 2020-08-16 | php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name param… |
CVE-2024-10679 | Medium | 6.1 | 2025-03-25 | The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such… |
CVE-2022-0181 | Medium | 6.1 | 2022-01-17 | Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspe… |
CVE-2021-20792 | Medium | 6.1 | 2021-08-18 | Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vecto… |
CVE-2021-24368 | Medium | 6.1 | 2021-06-20 | The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displayin… |
CVE-2019-17599 | Medium | 6.1 | 2019-12-13 | The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attack… |
CVE-2024-6390 | Medium | 5.9 | 2024-08-03 | The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privil… |
CVE-2024-4934 | Medium | 5.5 | 2024-07-01 | The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post… |