CVE-2022-40698 – WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-40698
21 Oct 2022 — Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.3.10 due to insufficient input sanitization and output escaping. This makes it possi... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36864 – WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36864
21 Oct 2022 — Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 7.3.4 due to insufficient input sanitization and output escaping.... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-auth-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36898 – WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2021-36898
21 Oct 2022 — Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 7.3.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-36905 – WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-36905
21 Oct 2022 — Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 7.3.4 due to insuffi... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-multiple-auth-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-42883 – WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-42883
21 Oct 2022 — Sensitive Information Disclosure vulnerability discovered in Quiz And Survey Master plugin <= 7.3.10 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 7.3.10. This could allow unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-sensitive-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-41652 – WordPress Quiz And Survey Master plugin <= 7.3.10 - Bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-41652
21 Oct 2022 — Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to authorization bypass due to missing user validation on the qsm_clear_audit_data function in versions up to, and including, 7.3.10. This makes it possible for unauthenticated attackers to invoke this function and clear audit log data. • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-bypass-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2021-36906 – WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-36906
21 Oct 2022 — Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 7.3.6. This is due to insufficient validation on a user-controlled key. This makes ... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-6-multiple-insecure-direct-object-references-idor-vulnerabilities?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2022-25602 – WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability
https://notcve.org/view.php?id=CVE-2022-25602
16 Mar 2022 — Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). The Responsive Menu plugin for WordPress is vulnerable to authorization bypa... • https://patchstack.com/database/vulnerability/responsive-menu/wordpress-responsive-menu-plugin-4-1-7-nonce-token-leak-leading-to-arbitrary-file-upload-theme-deletion-plugin-settings-change-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-862: Missing Authorization
CVE-2022-0182 – Quiz And Survey Master <= 7.3.6 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0182
12 Jan 2022 — Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via a website that uses Quiz And Survey Master. • https://jvn.jp/en/jp/JVN72788165/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0180 – Quiz And Survey Master <= 7.3.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-0180
12 Jan 2022 — Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. • https://jvn.jp/en/jp/JVN72788165/index.html • CWE-352: Cross-Site Request Forgery (CSRF)