Vulnerabilities > Expresstech > Quiz AND Survey Master
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-4032 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. | 6.1 |
| 2022-11-29 | CVE-2022-4033 | Improper Input Validation vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. | 5.3 |
| 2022-11-18 | CVE-2022-40698 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Auth. | 6.1 |
| 2022-11-18 | CVE-2022-42883 | Unspecified vulnerability in Expresstech Quiz and Survey Master Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. | 7.5 |
| 2022-11-18 | CVE-2022-41652 | Unspecified vulnerability in Expresstech Quiz and Survey Master Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | 9.8 |
| 2022-11-17 | CVE-2021-36905 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Multiple Auth. | 5.4 |
| 2022-11-03 | CVE-2021-36906 | Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 8.8 |
| 2022-10-28 | CVE-2021-36864 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Auth. | 5.4 |
| 2022-10-28 | CVE-2021-36898 | SQL Injection vulnerability in Expresstech Quiz and Survey Master Auth. | 7.2 |
| 2022-10-28 | CVE-2021-36863 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master Auth. | 5.4 |