VYPR

Vendor CVEs

Expresstech

All CVEs

30 total · sorted by risk
  • CVE-2024-3592CriJun 7, 2024
    risk 0.57cvss 9.9epss 0.00

    The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2025-67987HigFeb 20, 2026
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.

  • CVE-2025-55708HigAug 14, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.2.4.

  • CVE-2021-36898HigOct 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.

  • CVE-2022-4032HigNov 29, 2022
    risk 0.47cvss 7.2epss 0.01

    The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible…

  • CVE-2023-0291HigJun 9, 2023
    risk 0.40cvss 7.2epss 0.02

    The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated…

  • CVE-2026-5797MedApr 17, 2026
    risk 0.34cvss 5.3epss 0.01

    The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers…

  • CVE-2026-25324MedFeb 19, 2026
    risk 0.34cvss 5.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.

  • CVE-2025-63054MedDec 9, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.2.

  • CVE-2022-4033MedNov 29, 2022
    risk 0.34cvss 5.3epss 0.01

    The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a…

  • CVE-2026-25329MedFeb 19, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.

  • CVE-2026-24358MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.

  • CVE-2025-9294MedJan 6, 2026
    risk 0.28cvss 4.3epss 0.00

    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for…

  • CVE-2023-37984MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.

  • CVE-2023-0292MedJun 9, 2023
    risk 0.28cvss 5.4epss 0.01

    The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for…

  • CVE-2021-20792Aug 18, 2021
    risk 0.01cvss epss 0.04

    Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

  • CVE-2025-9637Jan 6, 2026
    risk 0.00cvss epss 0.00

    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it…

  • CVE-2023-51507Jun 14, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.

  • CVE-2023-47834Nov 22, 2023
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions.

  • CVE-2022-42883Nov 18, 2022
    risk 0.00cvss epss 0.01

    Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.

  • CVE-2022-40698Nov 18, 2022
    risk 0.00cvss epss 0.00

    Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

  • CVE-2022-41652Nov 18, 2022
    risk 0.00cvss epss 0.01

    Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

  • CVE-2021-36905Nov 17, 2022
    risk 0.00cvss epss 0.00

    Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.

  • CVE-2021-36906Nov 3, 2022
    risk 0.00cvss epss 0.01

    Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.

  • CVE-2021-36864Oct 28, 2022
    risk 0.00cvss epss 0.00

    Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.

  • CVE-2021-36863Oct 28, 2022
    risk 0.00cvss epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.

  • CVE-2021-36865Sep 30, 2022
    risk 0.00cvss epss 0.00

    Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.

  • CVE-2022-0182Jan 17, 2022
    risk 0.00cvss epss 0.01

    Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.

  • CVE-2022-0181Jan 17, 2022
    risk 0.00cvss epss 0.01

    Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.

  • CVE-2022-0180Jan 17, 2022
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.