Vulnerabilities > Expresstech > Quiz AND Survey Master > 8.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-4032 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. | 6.1 |
| 2022-11-29 | CVE-2022-4033 | Improper Input Validation vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. | 5.3 |