| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5797 | Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 5.3 | 2026-04-17 05:29:27 | Deep Dive |
| CVE-2026-2412 | Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 6.5 | 2026-03-23 22:25:40 | Deep Dive |
| CVE-2025-67987 | WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability | ExpressTech Systems | Quiz And Survey Master | - | - | 2026-02-20 15:46:32 | Deep Dive |
| CVE-2026-25329 | WordPress Quiz And Survey Master plugin <= 10.3.4 - Broken Access Control vulnerability | ExpressTech Systems | Quiz And Survey Master | - | - | 2026-02-19 08:26:57 | Deep Dive |
| CVE-2026-25324 | WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability | ExpressTech Systems | Quiz And Survey Master | - | - | 2026-02-19 08:26:56 | Deep Dive |
| CVE-2026-24358 | WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability | ExpressTech Systems | Quiz And Survey Master | Medium | 4.3 | 2026-01-22 16:52:44 | Deep Dive |
| CVE-2025-9637 | Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 6.5 | 2026-01-06 09:20:59 | Deep Dive |
| CVE-2025-9318 | Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 6.5 | 2026-01-06 09:20:59 | Deep Dive |
| CVE-2025-9294 | Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 4.3 | 2026-01-06 08:21:49 | Deep Dive |
| CVE-2025-63054 | WordPress Quiz And Survey Master plugin <= 10.3.2 - Broken Access Control vulnerability | ExpressTech Systems | Quiz And Survey Master | Medium | 5.3 | 2025-12-09 14:52:32 | Deep Dive |
| CVE-2025-55708 | WordPress Quiz And Survey Master Plugin <= 10.2.4 - SQL Injection Vulnerability | ExpressTech Systems | Quiz And Survey Master | High | 8.5 | 2025-08-14 18:21:35 | Deep Dive |
| CVE-2023-37984 | WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability | ExpressTech Systems | Quiz And Survey Master | Medium | 4.3 | 2024-12-13 14:23:52 | Deep Dive |
| CVE-2024-44011 | WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability | ExpressTech Systems | WP Ticket Ultra Help Desk & Support Plugin | High | 7.5 | 2024-10-05 10:33:04 | Deep Dive |
| CVE-2023-51507 | WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability | ExpressTech | Quiz And Survey Master | Medium | 5.3 | 2024-06-14 01:01:47 | Deep Dive |
| CVE-2024-3592 | Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Critical | 9.9 | 2024-06-07 05:33:47 | Deep Dive |
| CVE-2023-28787 | WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability | ExpressTech | Quiz And Survey Master | Critical | 9.3 | 2024-03-26 20:24:28 | Deep Dive |
| CVE-2024-27966 | WordPress Quiz And Survey Master plugin <= 8.2.2 - Cross Site Scripting (XSS) vulnerability | ExpressTech | Quiz And Survey Master | Medium | 5.9 | 2024-03-21 15:30:55 | Deep Dive |
| CVE-2023-51521 | WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability | ExpressTech | Quiz And Survey Master | Medium | 5.4 | 2024-03-16 00:44:47 | Deep Dive |
| CVE-2023-47834 | WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS) | ExpressTech | Quiz And Survey Master | Medium | 6.5 | 2023-11-22 23:16:40 | Deep Dive |
| CVE-2023-26524 | WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | ExpressTech | Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | Medium | 4.3 | 2023-11-12 23:55:19 | Deep Dive |