CVE-2025-9294

Medium CVSS: 4.3

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results.

Vendor

Expresstech

Product

Quiz And Survey Master

CWE

CWE-285

Yayın Tarihi

2026-01-06 09:15:55

Güncelleme

2026-01-09 13:23:13

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-285 Quiz And Survey Master MEDIUM Expresstech 2026

Referanslar

https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/admin/options-page-questions-tab.php#L1116 https://www.wordfence.com/threat-intel/vulnerabilities/id/55895508-d0ef-4855-8d15-b8a45ba0dcb2?source=cve

Benzer Kayıtlar

Medium

CVE-2025-9318

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injec…

Medium

CVE-2025-9637

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access…

Medium

CVE-2024-10679

The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which…