Expresstech: >> Quiz And Survey Master >> 7.3.3 Security Vulnerabilities
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
CVSS Score
2.7
EPSS Score
0.004
Published
2022-11-03
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVSS Score
9.1
EPSS Score
0.005
Published
2022-10-28
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVSS Score
3.4
EPSS Score
0.002
Published
2022-10-28
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-10-28
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-17
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-01-17
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-01-17
Page 3