Vulnerabilities > Expresstech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-16 | CVE-2016-11085 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | 4.3 |
| 2019-12-13 | CVE-2019-17599 | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). | 4.3 |
| 2019-08-14 | CVE-2017-18513 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. | 6.8 |