cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8758,https://securityvulnerability.io/vulnerability/CVE-2024-8758,Unfiltered HTML Setting Vulnerability in Quiz and Survey Master WordPress Plugin,"The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Quiz And Survey Master,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-23T06:15:00.000Z,0
CVE-2024-6879,https://securityvulnerability.io/vulnerability/CVE-2024-6879,Quiz and Survey Master plugin vulnerable to Stored XSS attacks,"The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.",Wordpress,Quiz And Survey Master (qsm),,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-08-26T06:00:01.427Z,0
CVE-2024-6390,https://securityvulnerability.io/vulnerability/CVE-2024-6390,Cross-Site Scripting (XSS) Vulnerability in Quiz and Survey Master WordPress Plugin,"The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quiz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks",Wordpress,Quiz And Survey Master (qsm),,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-08-03T06:00:05.411Z,0
CVE-2024-6025,https://securityvulnerability.io/vulnerability/CVE-2024-6025,Stored Cross-Site Scripting Vulnerability in QSM WordPress Plugin,"The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks",Wordpress,Quiz And Survey Master (qsm),5.4,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-07-11T06:00:04.031Z,0
CVE-2024-5606,https://securityvulnerability.io/vulnerability/CVE-2024-5606,SQL Injection Vulnerability in Quiz and Survey Master WordPress Plugin by QSM,"The Quiz and Survey Master (QSM) WordPress plugin is susceptible to a SQL injection vulnerability due to insufficient validation and escaping of the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action. This weakness allows users with Contributor roles and above to exploit the vulnerability, potentially compromising the integrity of the database. Prior to version 9.0.2, the plugin does not effectively secure user input, making it critical for website administrators using this plugin to apply the necessary updates and enhance their security posture.",Wordpress,Quiz And Survey Master,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2024-07-02T06:15:00.000Z,0
CVE-2024-4934,https://securityvulnerability.io/vulnerability/CVE-2024-4934,Stored Cross-Site Scripting Vulnerability in Quiz and Survey Master WordPress Plugin,"The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Quiz And Survey Master (qsm),,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-01T06:00:01.172Z,0
CVE-2024-3592,https://securityvulnerability.io/vulnerability/CVE-2024-3592,SQL Injection Vulnerability in The Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",Wordpress,Quiz And Survey Master (qsm) – Easy Quiz And Survey Maker,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-06-07T05:33:47.004Z,0
CVE-2023-26524,https://securityvulnerability.io/vulnerability/CVE-2023-26524,WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ExpressTech Quiz And Survey Master plugin for WordPress, affecting all versions up to 8.0.10. This vulnerability allows an attacker to trick a logged-in user into submitting a request that they did not intend to make, potentially leading to unauthorized actions being executed on behalf of the user. This security flaw emphasizes the need for users to keep their plugins updated and implement protective measures against CSRF attacks to safeguard their data and integrity.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",8.8,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2023-11-13T00:15:00.000Z,0
CVE-2023-3575,https://securityvulnerability.io/vulnerability/CVE-2023-3575,Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS,"The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Quiz And Survey Master,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2023-08-07T15:15:00.000Z,0
CVE-2023-0292,https://securityvulnerability.io/vulnerability/CVE-2023-0292,Cross-Site Request Forgery in Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master plugin for WordPress contains a vulnerability that affects versions up to and including 8.0.8. Due to inadequate nonce validation in the qsm_remove_file_fd_question AJAX action, unauthenticated attackers can craft unauthorized requests to delete any media files. Exploiting this vulnerability requires the attacker to deceive a site administrator into triggering the malicious action, which can lead to significant data loss.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",8.1,HIGH,0.0060800001956522465,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0291,https://securityvulnerability.io/vulnerability/CVE-2023-0291,Authorization Bypass in Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master plugin for WordPress has a security flaw that allows unauthorized users to bypass legitimate access controls. This vulnerability arises from a missing capability check on the AJAX action linked to file management. As a result, unauthenticated attackers can delete arbitrary media files from the server, potentially leading to data loss or disruption of services. It is crucial for users of versions up to 8.0.8 to apply necessary updates to mitigate this risk.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",9.1,CRITICAL,0.012539999559521675,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2022-46862,https://securityvulnerability.io/vulnerability/CVE-2022-46862,WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability exists in versions of the ExpressTech Quiz And Survey Master plugin for WordPress up to 8.0.7. This weakness allows attackers to forge requests on behalf of authenticated users, potentially compromising user accounts and enabling unauthorized actions. It is advisable for users of the plugin to upgrade to a secure version and implement appropriate security measures to mitigate such risks.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",8.8,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2023-02-14T11:26:14.262Z,0
CVE-2022-4033,https://securityvulnerability.io/vulnerability/CVE-2022-4033,Input Validation Bypass in Quiz and Survey Master Plugin for WordPress,"The Quiz and Survey Master plugin for WordPress allows an attacker to exploit an input validation bypass through the 'question[id]' parameter. This vulnerability arises from inadequate input validation in versions up to 8.0.4, which enables malicious users to inject unintended values such as file paths or non-numeric entries. This flaw could potentially lead to unexpected behavior, allowing attackers to manipulate the plugin's functionality and compromise site integrity.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",5.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-29T20:25:26.881Z,0
CVE-2022-4032,https://securityvulnerability.io/vulnerability/CVE-2022-4032,iFrame Injection Vulnerability in Quiz and Survey Master Plugin for WordPress,"The Quiz and Survey Master plugin for WordPress has a vulnerability that allows unauthenticated attackers to perform iFrame Injection through the 'question[id]' parameter. This issue arises from insufficient input sanitization and output escaping present in the plugin's code, allowing the injection of iframe tags. When exploited, this vulnerability permits malicious code to be executed on pages viewed by users, potentially leading to unauthorized actions or data theft.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",7.2,HIGH,0.0006500000017695129,false,,false,false,false,,false,false,2022-11-29T20:23:15.308Z,0
CVE-2022-40698,https://securityvulnerability.io/vulnerability/CVE-2022-40698,WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability,Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-18T23:15:00.000Z,0
CVE-2022-42883,https://securityvulnerability.io/vulnerability/CVE-2022-42883,WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability,Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),5.3,MEDIUM,0.0012600000482052565,false,,false,false,false,,false,false,2022-11-18T23:15:00.000Z,0
CVE-2022-41652,https://securityvulnerability.io/vulnerability/CVE-2022-41652,WordPress Quiz And Survey Master plugin <= 7.3.10 - Bypass vulnerability,Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),6.5,MEDIUM,0.0019000000320374966,false,,false,false,false,,false,false,2022-11-18T19:15:00.000Z,0
CVE-2021-36905,https://securityvulnerability.io/vulnerability/CVE-2021-36905,WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities,Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-17T23:15:00.000Z,0
CVE-2021-36906,https://securityvulnerability.io/vulnerability/CVE-2021-36906,WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities,Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),2.7,LOW,0.0010400000028312206,false,,false,false,false,,false,false,2022-11-03T20:15:00.000Z,0
CVE-2021-36864,https://securityvulnerability.io/vulnerability/CVE-2021-36864,WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability,Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),3.4,LOW,0.0005000000237487257,false,,false,false,false,,false,false,2022-10-28T18:15:00.000Z,0
CVE-2021-36898,https://securityvulnerability.io/vulnerability/CVE-2021-36898,WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability,Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),9.1,CRITICAL,0.0010400000028312206,false,,false,false,false,,false,false,2022-10-28T18:15:00.000Z,0
CVE-2021-36863,https://securityvulnerability.io/vulnerability/CVE-2021-36863,WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability,Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.,Wordpress,Quiz And Survey Master (WordPress Plugin),5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-10-28T16:15:00.000Z,0
CVE-2021-36865,https://securityvulnerability.io/vulnerability/CVE-2021-36865,WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability,Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.,Wordpress,Quiz And Survey Master (WordPress Plugin),3.8,LOW,0.0005000000237487257,false,,false,false,false,,false,false,2022-09-30T19:15:00.000Z,0
CVE-2021-24691,https://securityvulnerability.io/vulnerability/CVE-2021-24691,"Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting","The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-11T10:45:42.000Z,0
CVE-2021-24368,https://securityvulnerability.io/vulnerability/CVE-2021-24368,Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS),"The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2021-06-20T12:31:32.000Z,0