Vulnerabilities > Expresstech > Quiz AND Survey Master > 6.3.1

DATE CVE VULNERABILITY TITLE RISK
2021-04-12 CVE-2021-24221 SQL Injection vulnerability in Expresstech Quiz and Survey Master
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection.
network
low complexity
expresstech CWE-89
8.8
8.8
2021-01-01 CVE-2020-35951 Incorrect Authorization vulnerability in Expresstech Quiz and Survey Master
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress.
network
low complexity
expresstech CWE-863
6.4
6.4
2021-01-01 CVE-2020-35949 Incorrect Permission Assignment for Critical Resource vulnerability in Expresstech Quiz and Survey Master
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress.
network
low complexity
expresstech CWE-732
7.5
7.5
2019-12-13 CVE-2019-17599 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). 		4.3
4.3