cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-26524,https://securityvulnerability.io/vulnerability/CVE-2023-26524,WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ExpressTech Quiz And Survey Master plugin for WordPress, affecting all versions up to 8.0.10. This vulnerability allows an attacker to trick a logged-in user into submitting a request that they did not intend to make, potentially leading to unauthorized actions being executed on behalf of the user. This security flaw emphasizes the need for users to keep their plugins updated and implement protective measures against CSRF attacks to safeguard their data and integrity.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",8.8,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2023-11-13T00:15:00.000Z,0
CVE-2023-0292,https://securityvulnerability.io/vulnerability/CVE-2023-0292,Cross-Site Request Forgery in Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master plugin for WordPress contains a vulnerability that affects versions up to and including 8.0.8. Due to inadequate nonce validation in the qsm_remove_file_fd_question AJAX action, unauthenticated attackers can craft unauthorized requests to delete any media files. Exploiting this vulnerability requires the attacker to deceive a site administrator into triggering the malicious action, which can lead to significant data loss.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",8.1,HIGH,0.0060800001956522465,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0291,https://securityvulnerability.io/vulnerability/CVE-2023-0291,Authorization Bypass in Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master plugin for WordPress has a security flaw that allows unauthorized users to bypass legitimate access controls. This vulnerability arises from a missing capability check on the AJAX action linked to file management. As a result, unauthenticated attackers can delete arbitrary media files from the server, potentially leading to data loss or disruption of services. It is crucial for users of versions up to 8.0.8 to apply necessary updates to mitigate this risk.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",9.1,CRITICAL,0.012539999559521675,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2022-46862,https://securityvulnerability.io/vulnerability/CVE-2022-46862,WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability exists in versions of the ExpressTech Quiz And Survey Master plugin for WordPress up to 8.0.7. This weakness allows attackers to forge requests on behalf of authenticated users, potentially compromising user accounts and enabling unauthorized actions. It is advisable for users of the plugin to upgrade to a secure version and implement appropriate security measures to mitigate such risks.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",8.8,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2023-02-14T11:26:14.262Z,0
CVE-2022-4033,https://securityvulnerability.io/vulnerability/CVE-2022-4033,Input Validation Bypass in Quiz and Survey Master Plugin for WordPress,"The Quiz and Survey Master plugin for WordPress allows an attacker to exploit an input validation bypass through the 'question[id]' parameter. This vulnerability arises from inadequate input validation in versions up to 8.0.4, which enables malicious users to inject unintended values such as file paths or non-numeric entries. This flaw could potentially lead to unexpected behavior, allowing attackers to manipulate the plugin's functionality and compromise site integrity.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",5.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-29T20:25:26.881Z,0
CVE-2022-4032,https://securityvulnerability.io/vulnerability/CVE-2022-4032,iFrame Injection Vulnerability in Quiz and Survey Master Plugin for WordPress,"The Quiz and Survey Master plugin for WordPress has a vulnerability that allows unauthenticated attackers to perform iFrame Injection through the 'question[id]' parameter. This issue arises from insufficient input sanitization and output escaping present in the plugin's code, allowing the injection of iframe tags. When exploited, this vulnerability permits malicious code to be executed on pages viewed by users, potentially leading to unauthorized actions or data theft.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",7.2,HIGH,0.0006500000017695129,false,,false,false,false,,false,false,2022-11-29T20:23:15.308Z,0
CVE-2021-24691,https://securityvulnerability.io/vulnerability/CVE-2021-24691,"Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting","The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-11T10:45:42.000Z,0
CVE-2021-24368,https://securityvulnerability.io/vulnerability/CVE-2021-24368,Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS),"The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2021-06-20T12:31:32.000Z,0
CVE-2021-24221,https://securityvulnerability.io/vulnerability/CVE-2021-24221,Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode,"The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embedded on a public page or post, then unauthenticated users could exploit the injection.",Wordpress,"Quiz And Survey Master – Best Quiz, Exam And Survey Plugin For WordPress",8.8,HIGH,0.00203999993391335,false,,false,false,false,,false,false,2021-04-12T14:03:25.000Z,0