CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27966 – WordPress Quiz And Survey Master plugin <= 8.2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27966
13 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en ExpressTech Quiz And Survey Master permite XSS almacenado. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.2.2. The Quiz And Survey Master – Best Q... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51521 – WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51521
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ExpressTech Quiz And Survey Master. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.1.18. The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.1.18. This is due to missing or incorrect nonce validation on severa... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51507 – WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51507
27 Dec 2023 — Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16. Vulnerabilidad de autorización faltante en ExpressTech Quiz And Survey Master. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.1.16. The Quiz And Survey Master plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in versions up to, and including, 8.1.16. This ... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37984 – WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-37984
17 Jul 2023 — Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10. The Quiz And Survey Master plugin for WordPress is vulnerable to exessive quiz attempts due to a missing validation checks on the ajax_submit_results() function in versions up to, and including, 8.1.10. This makes it possible for unauthenticated attackers to bypass the set limits for the number of... • https://patchstack.com/database/wordpress/plugin/quiz-master-next/vulnerability/wordpress-quiz-and-survey-master-plugin-8-1-10-broken-access-control-vulnerability?_s_id=cve • CWE-799: Improper Control of Interaction Frequency CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28787 – WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-28787
16 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en ExpressTech Quiz And Survey Master. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.1.4. The Quiz and Survey Master plugin for WordPress is vulnerable to SQL Injection via ... • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •