Home/Product/expresstech quiz and survey master
Product

expresstech quiz and survey master

41 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-9637
< 10.3.2
The Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modifi
6.5MEDIUM
 CVE-2025-9318
< 10.3.2
The Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via t
6.5MEDIUM
 CVE-2025-9294
< 10.3.2
The Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due
4.3MEDIUM
 CVE-2024-10679
< 9.2.1
The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could all
6.1MEDIUM
 CVE-2024-8758
< 9.1.3
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could all
4.8MEDIUM
 CVE-2024-6879
< 9.1.1
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying
4.7MEDIUM
 CVE-2024-6390
< 9.1.0
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings,
5.9MEDIUM
 CVE-2024-6025
< 9.0.5
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which coul
5.4MEDIUM
 CVE-2024-5606
< 9.0.2
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id paramet
8.8HIGH
 CVE-2024-4934
< 9.0.2
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before output
5.5MEDIUM
 CVE-2023-51507
< 8.1.17
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a thro
5.3MEDIUM
 CVE-2024-3592
< 9.0.2
The Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection v
9.9CRITICAL
 CVE-2023-47834
<= 8.1.13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey
6.5MEDIUM
 CVE-2023-26524
<= 8.0.10
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for Word
4.3MEDIUM
 CVE-2023-3575
< 8.1.11
The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow
5.4MEDIUM
 CVE-2023-0292
<= 8.0.8
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.
5.4MEDIUM
 CVE-2023-0291
<= 8.0.8
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function a
7.2HIGH
 CVE-2022-46862
< 8.0.8
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for Word
4.3MEDIUM
 CVE-2022-4033
<= 8.0.4
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versi
5.3MEDIUM
 CVE-2022-4032
<= 8.0.4
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up
7.2HIGH
 CVE-2022-42883
<= 7.3.10
Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
5.3MEDIUM
 CVE-2022-40698
< 7.3.11
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
5.4MEDIUM
 CVE-2022-41652
< 7.3.11
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
6.5MEDIUM
 CVE-2021-36905
< 7.3.5
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordP
5.4MEDIUM
 CVE-2021-36906
<= 7.3.6
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPre
2.7LOW
 CVE-2021-36898
<= 7.3.4
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
7.5HIGH
 CVE-2021-36864
<= 7.3.4
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPr
3.4LOW
 CVE-2021-36863
<= 7.3.4
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on Word
5.4MEDIUM
 CVE-2021-36865
<= 7.3.4
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows a
3.8LOW
 CVE-2022-0182
< 7.3.7
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker
5.4MEDIUM
 CVE-2022-0181
< 7.3.7
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject
6.1MEDIUM
 CVE-2022-0180
< 7.3.7
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hija
8.8HIGH
 CVE-2021-24691
< 7.3.2
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pa
4.8MEDIUM
 CVE-2021-20792
< 7.1.14
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary
6.1MEDIUM
 CVE-2021-24368
< 7.1.18
The Quiz And Survey Master - Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its resul
6.1MEDIUM
 CVE-2021-24221
< 7.1.12
The Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G
8.8HIGH
 CVE-2020-35951
< 7.0.1
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files
9.9CRITICAL
 CVE-2020-35949
< 7.0.1
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a
10.0CRITICAL
 CVE-2016-11085
< 4.7.9
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS
6.5MEDIUM
 CVE-2019-17599
< 6.3.5
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Th
6.1MEDIUM
 CVE-2019-9575
all versions
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
6.1MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh