Vulnerabilities > Expresstech > Quiz AND Survey Master > 1.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-12 | CVE-2021-24221 | SQL Injection vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. | 8.8 |
2021-01-01 | CVE-2020-35951 | Incorrect Authorization vulnerability in Expresstech Quiz and Survey Master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | 6.4 |
2021-01-01 | CVE-2020-35949 | Incorrect Permission Assignment for Critical Resource vulnerability in Expresstech Quiz and Survey Master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | 7.5 |
2020-08-16 | CVE-2016-11085 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | 4.3 |
2019-12-13 | CVE-2019-17599 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). | 4.3 |