Vulnerabilities > Expresstech > Quiz AND Survey Master > 7.3.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2021-36906 | Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 8.8 |
| 2022-10-28 | CVE-2021-36864 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Auth. | 5.4 |
| 2022-10-28 | CVE-2021-36898 | SQL Injection vulnerability in Expresstech Quiz and Survey Master Auth. | 7.2 |
| 2022-10-28 | CVE-2021-36863 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Auth. | 5.4 |
| 2022-01-17 | CVE-2022-0180 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | 6.8 |
| 2022-01-17 | CVE-2022-0181 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 4.3 |
| 2022-01-17 | CVE-2022-0182 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master. | 3.5 |