Vulnerabilities > Expresstech

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2022-25602 Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).
network
low complexity
expresstech CWE-434
8.8
2022-01-17 CVE-2022-0180 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
network
low complexity
expresstech CWE-352
8.8
2022-01-17 CVE-2022-0181 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
expresstech CWE-79
6.1
2022-01-17 CVE-2022-0182 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.
network
low complexity
expresstech CWE-79
5.4
2021-10-11 CVE-2021-24691 Unspecified vulnerability in Expresstech Quiz and Survey Master
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
expresstech
4.8
2021-08-18 CVE-2021-20792 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
network
low complexity
expresstech CWE-79
6.1
2021-06-20 CVE-2021-24368 Unspecified vulnerability in Expresstech Quiz and Survey Master
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue.
network
low complexity
expresstech
6.1
2021-04-12 CVE-2021-24221 Unspecified vulnerability in Expresstech Quiz and Survey Master
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection.
network
low complexity
expresstech
8.8
2021-04-05 CVE-2021-24162 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings.
network
low complexity
expresstech CWE-352
8.8
2021-04-05 CVE-2021-24161 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files.
network
low complexity
expresstech CWE-352
8.8