Vulnerabilities > Expresstech

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-4032 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected.
network
low complexity
expresstech CWE-79
6.1
2022-11-29 CVE-2022-4033 Improper Input Validation vulnerability in Expresstech Quiz and Survey Master
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e.
network
low complexity
expresstech CWE-20
5.3
2022-11-18 CVE-2022-40698 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-79
6.1
2022-11-18 CVE-2022-42883 Unspecified vulnerability in Expresstech Quiz and Survey Master
Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
network
low complexity
expresstech
7.5
2022-11-18 CVE-2022-41652 Unspecified vulnerability in Expresstech Quiz and Survey Master
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
network
low complexity
expresstech
critical
9.8
2022-11-17 CVE-2021-36905 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Multiple Auth.
network
low complexity
expresstech CWE-79
5.4
2022-11-03 CVE-2021-36906 Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
network
low complexity
expresstech CWE-639
8.8
2022-10-28 CVE-2021-36864 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-79
5.4
2022-10-28 CVE-2021-36898 SQL Injection vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-89
7.2
2022-10-28 CVE-2021-36863 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-79
5.4