Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-02-20
CVE-2021-36865 - Quiz And Survey Master Plugin
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin
PLUGIN
Quiz And Survey Master
CVE-2021-36865
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24691 - Quiz And Survey Master Plugin
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
PLUGIN
Quiz And Survey Master
CVE-2021-24691
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24368 - Quiz And Survey Master Plugin
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link
PLUGIN
Quiz And Survey Master
CVE-2021-24368
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24221 - Quiz And Survey Master Plugin
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection.
PLUGIN
Quiz And Survey Master
CVE-2021-24221
Risk Score