Vulnerabilities > Expresstech

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-41652 Unspecified vulnerability in Expresstech Quiz and Survey Master
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
network
low complexity
expresstech
critical
9.8
2022-11-17 CVE-2021-36905 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Multiple Auth.
network
low complexity
expresstech CWE-79
5.4
2022-11-03 CVE-2021-36906 Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
network
low complexity
expresstech CWE-639
8.8
2022-10-28 CVE-2021-36864 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-79
5.4
2022-10-28 CVE-2021-36898 SQL Injection vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-89
7.2
2022-10-28 CVE-2021-36863 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Auth.
network
low complexity
expresstech CWE-79
5.4
2022-03-18 CVE-2022-25602 Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).
network
low complexity
expresstech CWE-434
6.5
2022-01-17 CVE-2022-0180 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
6.8
2022-01-17 CVE-2022-0181 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.
4.3
2022-01-17 CVE-2022-0182 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.
3.5