Vulnerabilities > Expresstech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-05 | CVE-2021-24160 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. | 8.8 |
| 2021-01-01 | CVE-2020-35951 | Missing Authentication for Critical Function vulnerability in Expresstech Quiz and Survey Master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | 9.9 |
| 2021-01-01 | CVE-2020-35949 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Quiz and Survey Master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | 9.8 |
| 2020-08-16 | CVE-2016-11085 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | 6.5 |
| 2019-12-13 | CVE-2019-17599 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). | 6.1 |
| 2019-08-14 | CVE-2017-18513 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. | 8.8 |