Vulnerabilities > Expresstech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-5606 | SQL Injection vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role | 8.8 |
| 2023-11-13 | CVE-2023-26524 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. | 8.8 |
| 2023-06-09 | CVE-2023-0292 | Unspecified vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. | 8.1 |
| 2023-02-14 | CVE-2022-46862 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. | 8.8 |
| 2022-11-18 | CVE-2022-42883 | Unspecified vulnerability in Expresstech Quiz and Survey Master Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. | 7.5 |
| 2022-11-03 | CVE-2021-36906 | Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 8.8 |
| 2022-10-28 | CVE-2021-36898 | SQL Injection vulnerability in Expresstech Quiz and Survey Master Auth. | 7.2 |
| 2021-04-12 | CVE-2021-24221 | SQL Injection vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. | 8.8 |
| 2021-01-01 | CVE-2020-35949 | Incorrect Permission Assignment for Critical Resource vulnerability in Expresstech Quiz and Survey Master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | 7.5 |