Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker by expresstech

    CVE-2026-9233 (GCVE-0-2026-9233)

    Vulnerability from nvd – Published: 2026-06-27 06:50 – Updated: 2026-06-29 19:04
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create, modify, and delete quiz output templates stored in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Weerawat Pawanawiwat (ErbaZZ)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9233",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T19:04:11.317122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T19:04:24.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Weerawat Pawanawiwat (ErbaZZ)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create, modify, and delete quiz output templates stored in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T06:50:57.158Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38db911b-cad5-4c8c-b0a4-70dc543b4591?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/functions.php#L1557"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/functions.php#L1563"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/functions.php#L1638"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/options-page-email-tab.php#L52"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/mlw_quizmaster2.php#L931"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/functions.php#L1557"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/functions.php#L1563"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/functions.php#L1638"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/options-page-email-tab.php#L52"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/mlw_quizmaster2.php#L931"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3570062%40quiz-master-next\u0026new=3570062%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-26T17:57:43.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-9233",
        "datePublished": "2026-06-27T06:50:57.158Z",
        "dateReserved": "2026-05-21T18:39:37.842Z",
        "dateUpdated": "2026-06-29T19:04:24.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6448 (GCVE-0-2026-6448)

    Vulnerability from nvd – Published: 2026-06-05 23:28 – Updated: 2026-06-06 11:48
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. If the secret key is exposed, this can be exploited by lower-privileged users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Drew Webber
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-06T11:39:23.195717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-06T11:48:49.465Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the \u0027order\u0027 parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. If the secret key is exposed, this can be exploited by lower-privileged users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T23:28:27.562Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d230b781-e208-4e66-b8ed-aba72db8d8dc?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L164"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L164"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L131"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L131"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L126"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L126"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L243"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L243"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L374"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L374"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3547016%40quiz-master-next\u0026new=3547016%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T10:44:40.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 11.1.2 - Authenticated (Admin+) SQL Injection via \u0027order\u0027 and \u0027limit\u0027 Parameters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6448",
        "datePublished": "2026-06-05T23:28:27.562Z",
        "dateReserved": "2026-04-16T18:50:05.153Z",
        "dateUpdated": "2026-06-06T11:48:49.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5797 (GCVE-0-2026-5797)

    Vulnerability from nvd – Published: 2026-04-17 05:29 – Updated: 2026-04-17 11:14
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields
    Summary
    The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers pass through sanitize_text_field() and htmlspecialchars(), which only strip HTML tags but do not encode or remove shortcode brackets [ and ]. When quiz results are displayed, the plugin calls do_shortcode() on the entire results page output (including user answers), causing any injected shortcodes to be executed. This makes it possible for unauthenticated attackers to inject arbitrary WordPress shortcodes such as [qsm_result id=X] to access other users' quiz submissions without authorization, as the qsm_result shortcode lacks any authorization checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Credits
    Rafshanzani Suhada
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T11:14:23.425236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T11:14:55.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rafshanzani Suhada"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers pass through sanitize_text_field() and htmlspecialchars(), which only strip HTML tags but do not encode or remove shortcode brackets [ and ]. When quiz results are displayed, the plugin calls do_shortcode() on the entire results page output (including user answers), causing any injected shortcodes to be executed. This makes it possible for unauthenticated attackers to inject arbitrary WordPress shortcodes such as [qsm_result id=X] to access other users\u0027 quiz submissions without authorization, as the qsm_result shortcode lacks any authorization checks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T05:29:26.679Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2aa33cc-c1c4-42d4-9c2f-54648426ee4b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-results-pages.php#L193"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-results-pages.php#L193"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qmn-quiz-manager.php#L572"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qmn-quiz-manager.php#L572"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review-text.php#L15"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review-text.php#L15"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review.php#L40"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review.php#L40"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3506094%40quiz-master-next\u0026new=3506094%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-16T16:42:59.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-5797",
        "datePublished": "2026-04-17T05:29:26.679Z",
        "dateReserved": "2026-04-08T14:08:20.955Z",
        "dateUpdated": "2026-04-17T11:14:55.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2412 (GCVE-0-2026-2412)

    Vulnerability from nvd – Published: 2026-03-23 22:25 – Updated: 2026-04-08 17:16
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter
    Summary
    The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field() function applied to the merged_question parameter does not prevent SQL metacharacters like ), OR, AND, and # from being included in the value, which is then directly concatenated into a SQL IN() clause without using $wpdb->prepare() or casting values to integers. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Thanh Hao
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T18:44:37.199895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T18:44:44.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thanh Hao"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the \u0027merged_question\u0027 parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field() function applied to the merged_question parameter does not prevent SQL metacharacters like ), OR, AND, and # from being included in the value, which is then directly concatenated into a SQL IN() clause without using $wpdb-\u003eprepare() or casting values to integers. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:16:36.412Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b32bf1cb-3722-41fc-be51-dabe80416b14?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-questions.php#L387"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/rest-api.php#L760"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3486710/quiz-master-next/trunk/php/rest-api.php"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3486710/quiz-master-next/trunk/php/classes/class-qsm-questions.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T10:09:13.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 10.3.5 - Authenticated (Contributor+) SQL Injection via \u0027merged_question\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-2412",
        "datePublished": "2026-03-23T22:25:39.767Z",
        "dateReserved": "2026-02-12T16:12:41.339Z",
        "dateUpdated": "2026-04-08T17:16:36.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9637 (GCVE-0-2025-9637)

    Vulnerability from nvd – Published: 2026-01-06 09:20 – Updated: 2026-04-08 17:05
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Rahul Sreenivasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T14:18:50.325082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T14:19:15.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rahul Sreenivasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:05:18.153Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88a9abf4-62a9-4695-87e7-18ff0b0075e9?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L281"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L1987"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-19T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-05T20:24:52.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9637",
        "datePublished": "2026-01-06T09:20:58.732Z",
        "dateReserved": "2025-08-28T20:48:10.672Z",
        "dateUpdated": "2026-04-08T17:05:18.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9318 (GCVE-0-2025-9318)

    Vulnerability from nvd – Published: 2026-01-06 09:20 – Updated: 2026-04-08 17:30
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Rahul Sreenivasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9318",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T14:01:09.554483Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T14:01:14.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rahul Sreenivasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018is_linking\u2019 parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:30:10.903Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6524e66-5bd1-4616-8185-c0501a09893e?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php#L533"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-19T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-05T20:24:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9318",
        "datePublished": "2026-01-06T09:20:59.146Z",
        "dateReserved": "2025-08-21T13:25:19.701Z",
        "dateUpdated": "2026-04-08T17:30:10.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9294 (GCVE-0-2025-9294)

    Vulnerability from nvd – Published: 2026-01-06 08:21 – Updated: 2026-04-08 16:53
    VLAI
    Title
    Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9294",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T14:30:00.966045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T14:30:11.854Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:53:30.434Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55895508-d0ef-4855-8d15-b8a45ba0dcb2?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/admin/options-page-questions-tab.php#L1116"
            },
            {
              "url": "https://research.cleantalk.org/cve-2025-9294/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-13T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-05T20:13:08.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u003c= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9294",
        "datePublished": "2026-01-06T08:21:49.006Z",
        "dateReserved": "2025-08-20T22:35:45.725Z",
        "dateUpdated": "2026-04-08T16:53:30.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3592 (GCVE-0-2024-3592)

    Vulnerability from nvd – Published: 2024-06-07 05:33 – Updated: 2026-04-08 17:34
    VLAI
    Title
    Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection
    Summary
    The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-5606 appears to be a duplicate of this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    expresstech Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Affected: 0 , ≤ 9.0.1 (semver)
    Create a notification for this product.
    expresstech quiz_and_survey_master Affected: 0 , ≤ 9.0.1 (custom)
        cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quiz_and_survey_master",
                "vendor": "expresstech",
                "versions": [
                  {
                    "lessThanOrEqual": "9.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T13:08:19.476010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T13:15:27.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:08.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3097878/quiz-master-next/trunk/php/admin/options-page-questions-tab.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the \u0027question_id\u0027 parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-5606 appears to be a duplicate of this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:34:39.949Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3097878/quiz-master-next/trunk/php/admin/options-page-questions-tab.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-06T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress \u003c= 9.0.1 - Authenticated (Contributor+) SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3592",
        "datePublished": "2024-06-07T05:33:47.004Z",
        "dateReserved": "2024-04-10T14:38:32.904Z",
        "dateUpdated": "2026-04-08T17:34:39.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0292 (GCVE-0-2023-0292)

    Vulnerability from nvd – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:21
    VLAI
    Title
    Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
    Summary
    The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    Julien Ahrens
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:44.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/quiz-master-next/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0292",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T23:23:10.484121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T23:35:22.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Julien Ahrens"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:21:24.118Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/quiz-master-next/"
            },
            {
              "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-13T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-01-18T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-02-08T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u003c= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-0292",
        "datePublished": "2023-06-09T05:33:32.758Z",
        "dateReserved": "2023-01-13T16:56:22.667Z",
        "dateUpdated": "2026-04-08T17:21:24.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0291 (GCVE-0-2023-0291)

    Vulnerability from nvd – Published: 2023-06-09 05:33 – Updated: 2026-04-08 16:58
    VLAI
    Title
    Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
    Summary
    The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Julien Ahrens
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:44.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/quiz-master-next/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0291",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-28T00:40:16.398641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:51:57.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Julien Ahrens"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:58:23.299Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/quiz-master-next/"
            },
            {
              "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u003c= 8.0.8 - Unauthenticated Arbitrary Media Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-0291",
        "datePublished": "2023-06-09T05:33:19.875Z",
        "dateReserved": "2023-01-13T16:54:28.658Z",
        "dateUpdated": "2026-04-08T16:58:23.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4033 (GCVE-0-2022-4033)

    Vulnerability from nvd – Published: 2022-11-29 20:25 – Updated: 2026-04-08 17:11
    VLAI
    Title
    Quiz and Survey Master <= 8.0.4 - Improper Input Validation
    Summary
    The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Credits
    Luca Greeb Andreas Krüger
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T21:21:01.208690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T21:21:19.029Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Greeb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Kr\u00fcger"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the \u0027question[id]\u0027 parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:57.352Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-11-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master \u003c= 8.0.4 - Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4033",
        "datePublished": "2022-11-29T20:25:26.881Z",
        "dateReserved": "2022-11-16T18:34:37.160Z",
        "dateUpdated": "2026-04-08T17:11:57.352Z",
        "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4032 (GCVE-0-2022-4032)

    Vulnerability from nvd – Published: 2022-11-29 20:23 – Updated: 2026-04-08 17:17
    VLAI
    Title
    Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer
    Summary
    The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Credits
    Luca Greeb Andreas Krüger
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T21:21:32.803511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T21:22:40.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Greeb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Kr\u00fcger"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the \u0027question[id]\u0027 parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:54.765Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b901b3f8-8bbd-42ef-8e0c-de6d09c4950f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4032"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-11-29T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master \u003c= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4032",
        "datePublished": "2022-11-29T20:23:15.308Z",
        "dateReserved": "2022-11-16T18:33:38.566Z",
        "dateUpdated": "2026-04-08T17:17:54.765Z",
        "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9233 (GCVE-0-2026-9233)

    Vulnerability from cvelistv5 – Published: 2026-06-27 06:50 – Updated: 2026-06-29 19:04
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create, modify, and delete quiz output templates stored in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Weerawat Pawanawiwat (ErbaZZ)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9233",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T19:04:11.317122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T19:04:24.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Weerawat Pawanawiwat (ErbaZZ)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to create, modify, and delete quiz output templates stored in the mlw_quiz_output_templates database table, including storing unsanitized HTML content such as arbitrary script tags."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-27T06:50:57.158Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38db911b-cad5-4c8c-b0a4-70dc543b4591?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/functions.php#L1557"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/functions.php#L1563"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/functions.php#L1638"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/php/admin/options-page-email-tab.php#L52"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.1.2/mlw_quizmaster2.php#L931"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/functions.php#L1557"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/functions.php#L1563"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/functions.php#L1638"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/php/admin/options-page-email-tab.php#L52"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/11.0.0/mlw_quizmaster2.php#L931"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3570062%40quiz-master-next\u0026new=3570062%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-26T17:57:43.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-9233",
        "datePublished": "2026-06-27T06:50:57.158Z",
        "dateReserved": "2026-05-21T18:39:37.842Z",
        "dateUpdated": "2026-06-29T19:04:24.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6448 (GCVE-0-2026-6448)

    Vulnerability from cvelistv5 – Published: 2026-06-05 23:28 – Updated: 2026-06-06 11:48
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. If the secret key is exposed, this can be exploited by lower-privileged users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Drew Webber
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-06T11:39:23.195717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-06T11:48:49.465Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the \u0027order\u0027 parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. If the secret key is exposed, this can be exploited by lower-privileged users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T23:28:27.562Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d230b781-e208-4e66-b8ed-aba72db8d8dc?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L164"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L164"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L131"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L131"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L126"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L126"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L243"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L243"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-quiz-api.php#L374"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-quiz-api.php#L374"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3547016%40quiz-master-next\u0026new=3547016%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-05T10:44:40.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 11.1.2 - Authenticated (Admin+) SQL Injection via \u0027order\u0027 and \u0027limit\u0027 Parameters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6448",
        "datePublished": "2026-06-05T23:28:27.562Z",
        "dateReserved": "2026-04-16T18:50:05.153Z",
        "dateUpdated": "2026-06-06T11:48:49.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5797 (GCVE-0-2026-5797)

    Vulnerability from cvelistv5 – Published: 2026-04-17 05:29 – Updated: 2026-04-17 11:14
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields
    Summary
    The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers pass through sanitize_text_field() and htmlspecialchars(), which only strip HTML tags but do not encode or remove shortcode brackets [ and ]. When quiz results are displayed, the plugin calls do_shortcode() on the entire results page output (including user answers), causing any injected shortcodes to be executed. This makes it possible for unauthenticated attackers to inject arbitrary WordPress shortcodes such as [qsm_result id=X] to access other users' quiz submissions without authorization, as the qsm_result shortcode lacks any authorization checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Credits
    Rafshanzani Suhada
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T11:14:23.425236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T11:14:55.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rafshanzani Suhada"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers pass through sanitize_text_field() and htmlspecialchars(), which only strip HTML tags but do not encode or remove shortcode brackets [ and ]. When quiz results are displayed, the plugin calls do_shortcode() on the entire results page output (including user answers), causing any injected shortcodes to be executed. This makes it possible for unauthenticated attackers to inject arbitrary WordPress shortcodes such as [qsm_result id=X] to access other users\u0027 quiz submissions without authorization, as the qsm_result shortcode lacks any authorization checks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T05:29:26.679Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2aa33cc-c1c4-42d4-9c2f-54648426ee4b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-results-pages.php#L193"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-results-pages.php#L193"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qmn-quiz-manager.php#L572"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qmn-quiz-manager.php#L572"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review-text.php#L15"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review-text.php#L15"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review.php#L40"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review.php#L40"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3506094%40quiz-master-next\u0026new=3506094%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-16T16:42:59.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-5797",
        "datePublished": "2026-04-17T05:29:26.679Z",
        "dateReserved": "2026-04-08T14:08:20.955Z",
        "dateUpdated": "2026-04-17T11:14:55.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2412 (GCVE-0-2026-2412)

    Vulnerability from cvelistv5 – Published: 2026-03-23 22:25 – Updated: 2026-04-08 17:16
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter
    Summary
    The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field() function applied to the merged_question parameter does not prevent SQL metacharacters like ), OR, AND, and # from being included in the value, which is then directly concatenated into a SQL IN() clause without using $wpdb->prepare() or casting values to integers. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Thanh Hao
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T18:44:37.199895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T18:44:44.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thanh Hao"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the \u0027merged_question\u0027 parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field() function applied to the merged_question parameter does not prevent SQL metacharacters like ), OR, AND, and # from being included in the value, which is then directly concatenated into a SQL IN() clause without using $wpdb-\u003eprepare() or casting values to integers. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:16:36.412Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b32bf1cb-3722-41fc-be51-dabe80416b14?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-questions.php#L387"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/rest-api.php#L760"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3486710/quiz-master-next/trunk/php/rest-api.php"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3486710/quiz-master-next/trunk/php/classes/class-qsm-questions.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T10:09:13.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 10.3.5 - Authenticated (Contributor+) SQL Injection via \u0027merged_question\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-2412",
        "datePublished": "2026-03-23T22:25:39.767Z",
        "dateReserved": "2026-02-12T16:12:41.339Z",
        "dateUpdated": "2026-04-08T17:16:36.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9318 (GCVE-0-2025-9318)

    Vulnerability from cvelistv5 – Published: 2026-01-06 09:20 – Updated: 2026-04-08 17:30
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Rahul Sreenivasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9318",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T14:01:09.554483Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T14:01:14.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rahul Sreenivasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018is_linking\u2019 parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:30:10.903Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6524e66-5bd1-4616-8185-c0501a09893e?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php#L533"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-19T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-05T20:24:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9318",
        "datePublished": "2026-01-06T09:20:59.146Z",
        "dateReserved": "2025-08-21T13:25:19.701Z",
        "dateUpdated": "2026-04-08T17:30:10.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9637 (GCVE-0-2025-9637)

    Vulnerability from cvelistv5 – Published: 2026-01-06 09:20 – Updated: 2026-04-08 17:05
    VLAI
    Title
    Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Rahul Sreenivasan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T14:18:50.325082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T14:19:15.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rahul Sreenivasan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:05:18.153Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88a9abf4-62a9-4695-87e7-18ff0b0075e9?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L281"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L1987"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-19T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-05T20:24:52.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master (QSM) \u003c= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9637",
        "datePublished": "2026-01-06T09:20:58.732Z",
        "dateReserved": "2025-08-28T20:48:10.672Z",
        "dateUpdated": "2026-04-08T17:05:18.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9294 (GCVE-0-2025-9294)

    Vulnerability from cvelistv5 – Published: 2026-01-06 08:21 – Updated: 2026-04-08 16:53
    VLAI
    Title
    Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion
    Summary
    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9294",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T14:30:00.966045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T14:30:11.854Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "10.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:53:30.434Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55895508-d0ef-4855-8d15-b8a45ba0dcb2?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/admin/options-page-questions-tab.php#L1116"
            },
            {
              "url": "https://research.cleantalk.org/cve-2025-9294/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-13T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-05T20:13:08.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u003c= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9294",
        "datePublished": "2026-01-06T08:21:49.006Z",
        "dateReserved": "2025-08-20T22:35:45.725Z",
        "dateUpdated": "2026-04-08T16:53:30.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3592 (GCVE-0-2024-3592)

    Vulnerability from cvelistv5 – Published: 2024-06-07 05:33 – Updated: 2026-04-08 17:34
    VLAI
    Title
    Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection
    Summary
    The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-5606 appears to be a duplicate of this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    expresstech Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Affected: 0 , ≤ 9.0.1 (semver)
    Create a notification for this product.
    expresstech quiz_and_survey_master Affected: 0 , ≤ 9.0.1 (custom)
        cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quiz_and_survey_master",
                "vendor": "expresstech",
                "versions": [
                  {
                    "lessThanOrEqual": "9.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T13:08:19.476010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T13:15:27.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:08.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3097878/quiz-master-next/trunk/php/admin/options-page-questions-tab.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the \u0027question_id\u0027 parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-5606 appears to be a duplicate of this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:34:39.949Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3097878/quiz-master-next/trunk/php/admin/options-page-questions-tab.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-06T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress \u003c= 9.0.1 - Authenticated (Contributor+) SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3592",
        "datePublished": "2024-06-07T05:33:47.004Z",
        "dateReserved": "2024-04-10T14:38:32.904Z",
        "dateUpdated": "2026-04-08T17:34:39.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0292 (GCVE-0-2023-0292)

    Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:21
    VLAI
    Title
    Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
    Summary
    The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    Julien Ahrens
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:44.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/quiz-master-next/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0292",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T23:23:10.484121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T23:35:22.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Julien Ahrens"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:21:24.118Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/quiz-master-next/"
            },
            {
              "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-13T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-01-18T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-02-08T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u003c= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-0292",
        "datePublished": "2023-06-09T05:33:32.758Z",
        "dateReserved": "2023-01-13T16:56:22.667Z",
        "dateUpdated": "2026-04-08T17:21:24.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0291 (GCVE-0-2023-0291)

    Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 16:58
    VLAI
    Title
    Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
    Summary
    The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Julien Ahrens
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:44.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/quiz-master-next/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0291",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-28T00:40:16.398641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:51:57.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Julien Ahrens"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:58:23.299Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/quiz-master-next/"
            },
            {
              "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz And Survey Master \u003c= 8.0.8 - Unauthenticated Arbitrary Media Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-0291",
        "datePublished": "2023-06-09T05:33:19.875Z",
        "dateReserved": "2023-01-13T16:54:28.658Z",
        "dateUpdated": "2026-04-08T16:58:23.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4033 (GCVE-0-2022-4033)

    Vulnerability from cvelistv5 – Published: 2022-11-29 20:25 – Updated: 2026-04-08 17:11
    VLAI
    Title
    Quiz and Survey Master <= 8.0.4 - Improper Input Validation
    Summary
    The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Credits
    Luca Greeb Andreas Krüger
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T21:21:01.208690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T21:21:19.029Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Greeb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Kr\u00fcger"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the \u0027question[id]\u0027 parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:57.352Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4033"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-11-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master \u003c= 8.0.4 - Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4033",
        "datePublished": "2022-11-29T20:25:26.881Z",
        "dateReserved": "2022-11-16T18:34:37.160Z",
        "dateUpdated": "2026-04-08T17:11:57.352Z",
        "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4032 (GCVE-0-2022-4032)

    Vulnerability from cvelistv5 – Published: 2022-11-29 20:23 – Updated: 2026-04-08 17:17
    VLAI
    Title
    Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer
    Summary
    The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Credits
    Luca Greeb Andreas Krüger
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T21:21:32.803511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-23T21:22:40.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker",
              "vendor": "expresstech",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luca Greeb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Kr\u00fcger"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the \u0027question[id]\u0027 parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:54.765Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b901b3f8-8bbd-42ef-8e0c-de6d09c4950f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2801761%40quiz-master-next\u0026new=2801761%40quiz-master-next\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4032"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-11-29T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Quiz and Survey Master \u003c= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2022-4032",
        "datePublished": "2022-11-29T20:23:15.308Z",
        "dateReserved": "2022-11-16T18:33:38.566Z",
        "dateUpdated": "2026-04-08T17:17:54.765Z",
        "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }