Expresstech Quiz And Survey Master — known CVE vulnerabilities
Every CVE whose affected-product data names Expresstech Quiz And Survey Master, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2020-35949 — CVSS 10.0 (critical): An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers…
CVE-2020-35951 — CVSS 9.9 (critical): An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as…
CVE-2024-3592 — CVSS 9.9 (critical): The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the…
CVE-2022-0180 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the…
CVE-2024-5606 — CVSS 8.8 (high): The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the…
CVE-2021-24221 — CVSS 8.8 (high): The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET…
CVE-2021-36898 — CVSS 7.5 (high): Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2023-0291 — CVSS 7.2 (high): The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated…
CVE-2022-4032 — CVSS 7.2 (high): The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and…
CVE-2025-9637 — CVSS 6.5 (medium): The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification…
CVE-2025-9318 — CVSS 6.5 (medium): The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the…
CVE-2016-11085 — CVSS 6.5 (medium): php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the…
CVE-2022-0181 — CVSS 6.1 (medium): Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an…
CVE-2024-10679 — CVSS 6.1 (medium): The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high…
CVE-2021-24368 — CVSS 6.1 (medium): The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id…
CVE-2021-20792 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script…
CVE-2019-17599 — CVSS 6.1 (medium): The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact…
CVE-2024-6390 — CVSS 5.9 (medium): The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which…
CVE-2024-4934 — CVSS 5.5 (medium): The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them…
CVE-2021-36863 — CVSS 5.4 (medium): Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2022-0182 — CVSS 5.4 (medium): Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to…
CVE-2022-40698 — CVSS 5.4 (medium): Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2023-0292 — CVSS 5.4 (medium): The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This…
CVE-2023-3575 — CVSS 5.4 (medium): The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users…
CVE-2024-6025 — CVSS 5.4 (medium): The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow…
CVE-2021-36905 — CVSS 5.4 (medium): Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2022-4033 — CVSS 5.3 (medium): The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up…
CVE-2022-42883 — CVSS 5.3 (medium): Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2023-51507 — CVSS 5.3 (medium): Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through…
CVE-2021-24691 — CVSS 4.8 (medium): The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages…
CVE-2024-8758 — CVSS 4.8 (medium): The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-6879 — CVSS 4.7 (medium): The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a…
CVE-2022-46862 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress…
CVE-2025-9294 — CVSS 4.3 (medium): The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a…
CVE-2023-26524 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress…
CVE-2021-36864 — CVSS 3.4 (low): Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2021-36906 — CVSS 2.7 (low): Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.