All the vulnerabilites related to ExpressTech - Quiz And Survey Master
cve-2023-51521
Vulnerability from cvelistv5
Published
2024-03-16 00:44
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:33:08.080591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:48.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quiz-master-next",
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"changes": [
{
"at": "8.1.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.1.18",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.\u003cp\u003eThis issue affects Quiz And Survey Master: from n/a through 8.1.18.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-16T00:50:47.288Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 8.1.19 or a higher version."
}
],
"value": "Update to 8.1.19 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Quiz And Survey Master plugin \u003c= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51521",
"datePublished": "2024-03-16T00:44:47.171Z",
"dateReserved": "2023-12-20T17:28:07.135Z",
"dateUpdated": "2024-08-02T22:40:33.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0182
Vulnerability from cvelistv5
Published
2022-01-17 09:10
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quizandsurveymaster.com/ | x_refsource_MISC | |
| https://wordpress.org/plugins/quiz-master-next/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN72788165/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T09:10:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-0182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.3.7"
}
]
}
}
]
},
"vendor_name": "ExpressTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://quizandsurveymaster.com/",
"refsource": "MISC",
"url": "https://quizandsurveymaster.com/"
},
{
"name": "https://wordpress.org/plugins/quiz-master-next/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"name": "https://jvn.jp/en/jp/JVN72788165/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-0182",
"datePublished": "2022-01-17T09:10:29",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20792
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php\u0026old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65388002/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.1.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php\u0026old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN65388002/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.1.14"
}
]
}
}
]
},
"vendor_name": "ExpressTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://quizandsurveymaster.com/",
"refsource": "MISC",
"url": "https://quizandsurveymaster.com/"
},
{
"name": "https://wordpress.org/plugins/quiz-master-next/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php\u0026old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?new=2503364%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php\u0026old=2490516%40quiz-master-next%2Ftrunk%2Fphp%2Fadmin%2Fquizzes-page.php"
},
{
"name": "https://jvn.jp/en/jp/JVN65388002/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN65388002/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20792",
"datePublished": "2021-08-18T05:36:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28787
Vulnerability from cvelistv5
Published
2024-03-26 20:24
Modified
2024-08-06 15:16
Severity ?
EPSS score ?
Summary
WordPress Quiz And Survey Master plugin <= 8.1.4 - Unauthenticated SQL Injection vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:12:16.484599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:16:34.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quiz-master-next",
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"changes": [
{
"at": "8.1.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.1.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in ExpressTech Quiz And Survey Master.\u003cp\u003eThis issue affects Quiz And Survey Master: from n/a through 8.1.4.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T20:24:27.535Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 8.1.5 or a higher version."
}
],
"value": "Update to 8.1.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Quiz And Survey Master plugin \u003c= 8.1.4 - Unauthenticated SQL Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-28787",
"datePublished": "2024-03-26T20:24:27.535Z",
"dateReserved": "2023-03-23T17:03:15.168Z",
"dateUpdated": "2024-08-06T15:16:34.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0181
Vulnerability from cvelistv5
Published
2022-01-17 09:10
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quizandsurveymaster.com/ | x_refsource_MISC | |
| https://wordpress.org/plugins/quiz-master-next/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN72788165/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T09:10:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-0181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.3.7"
}
]
}
}
]
},
"vendor_name": "ExpressTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://quizandsurveymaster.com/",
"refsource": "MISC",
"url": "https://quizandsurveymaster.com/"
},
{
"name": "https://wordpress.org/plugins/quiz-master-next/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"name": "https://jvn.jp/en/jp/JVN72788165/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-0181",
"datePublished": "2022-01-17T09:10:27",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47834
Vulnerability from cvelistv5
Published
2023-11-22 23:16
Modified
2024-08-02 21:16
Severity ?
EPSS score ?
Summary
WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS)
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quiz-master-next",
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"changes": [
{
"at": "8.1.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.1.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "emad (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ExpressTech Quiz And Survey Master plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;8.1.13 versions.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ExpressTech Quiz And Survey Master plugin \u003c=\u00a08.1.13 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-22T23:16:40.330Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;8.1.14 or a higher version."
}
],
"value": "Update to\u00a08.1.14 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Quiz And Survey Master Plugin \u003c= 8.1.13 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47834",
"datePublished": "2023-11-22T23:16:40.330Z",
"dateReserved": "2023-11-12T23:21:17.000Z",
"dateUpdated": "2024-08-02T21:16:43.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0180
Vulnerability from cvelistv5
Published
2022-01-17 09:10
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quizandsurveymaster.com/ | x_refsource_MISC | |
| https://wordpress.org/plugins/quiz-master-next/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN72788165/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T09:10:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quizandsurveymaster.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-0180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.3.7"
}
]
}
}
]
},
"vendor_name": "ExpressTech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://quizandsurveymaster.com/",
"refsource": "MISC",
"url": "https://quizandsurveymaster.com/"
},
{
"name": "https://wordpress.org/plugins/quiz-master-next/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/quiz-master-next/"
},
{
"name": "https://jvn.jp/en/jp/JVN72788165/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN72788165/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-0180",
"datePublished": "2022-01-17T09:10:26",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51507
Vulnerability from cvelistv5
Published
2024-06-14 01:01
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "quiz_and_survey_master",
"vendor": "expresstech",
"versions": [
{
"lessThanOrEqual": "8.1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:30:58.365113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T20:32:41.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quiz-master-next",
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"changes": [
{
"at": "8.1.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.1.16",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Revan Arifio (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.\u003cp\u003eThis issue affects Quiz And Survey Master: from n/a through 8.1.16.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T01:01:47.258Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 8.1.17 or a higher version."
}
],
"value": "Update to 8.1.17 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Quiz And Survey Master plugin \u003c= 8.1.16 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51507",
"datePublished": "2024-06-14T01:01:47.258Z",
"dateReserved": "2023-12-20T15:33:01.355Z",
"dateUpdated": "2024-08-02T22:32:10.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27966
Vulnerability from cvelistv5
Published
2024-03-21 15:30
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
WordPress Quiz And Survey Master plugin <= 8.2.2 - Cross Site Scripting (XSS) vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T13:09:30.679393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:49.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quiz-master-next",
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"changes": [
{
"at": "8.2.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.2.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marzieh Hashemi (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.\u003cp\u003eThis issue affects Quiz And Survey Master: from n/a through 8.2.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T15:30:55.058Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 8.2.3 or a higher version."
}
],
"value": "Update to 8.2.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Quiz And Survey Master plugin \u003c= 8.2.2 - Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-27966",
"datePublished": "2024-03-21T15:30:55.058Z",
"dateReserved": "2024-02-28T16:45:55.564Z",
"dateUpdated": "2024-08-02T00:41:55.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37984
Vulnerability from cvelistv5
Published
2024-12-13 14:23
Modified
2024-12-13 20:36
Severity ?
EPSS score ?
Summary
WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T19:06:38.116741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T20:36:46.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quiz-master-next",
"product": "Quiz And Survey Master",
"vendor": "ExpressTech",
"versions": [
{
"changes": [
{
"at": "8.1.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.1.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "qilin_99 (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Quiz And Survey Master: from n/a through 8.1.10.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T14:23:51.989Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/quiz-master-next/vulnerability/wordpress-quiz-and-survey-master-plugin-8-1-10-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 8.1.11)."
}
],
"value": "Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 8.1.11)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Quiz And Survey Master plugin \u003c= 8.1.10 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-37984",
"datePublished": "2024-12-13T14:23:51.989Z",
"dateReserved": "2023-07-11T11:35:05.915Z",
"dateUpdated": "2024-12-13T20:36:46.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2022-000002
Vulnerability from jvndb
Published
2022-01-12 15:33
Modified
2022-01-12 15:33
Severity ?
Summary
Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"
Details
WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below.
* Cross-site request forgery (CWE-352) - CVE-2022-0180
* Reflected cross-site scripting (CWE-79) - CVE-2022-0181
* Stored cross-site scripting (CWE-79) - CVE-2022-0182
CVE-2022-0180, CVE-2022-0181
Daiki Sueyoshi reported these vulnerabilitis to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-0182
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN72788165/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-0180 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-0181 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-0182 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-0180 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-0181 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-0182 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000002.html",
"dc:date": "2022-01-12T15:33+09:00",
"dcterms:issued": "2022-01-12T15:33+09:00",
"dcterms:modified": "2022-01-12T15:33+09:00",
"description": "WordPress Plugin \"Quiz And Survey Master\" provided by ExpressTech contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site request forgery (CWE-352) - CVE-2022-0180\r\n* Reflected cross-site scripting (CWE-79) - CVE-2022-0181\r\n* Stored cross-site scripting (CWE-79) - CVE-2022-0182\r\n\r\nCVE-2022-0180, CVE-2022-0181\r\nDaiki Sueyoshi reported these vulnerabilitis to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-0182\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000002.html",
"sec:cpe": {
"#text": "cpe:/a:expresstech:quiz_and_survey_master",
"@product": "Quiz And Survey Master",
"@vendor": "ExpressTech",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000002",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN72788165/index.html",
"@id": "JVN#72788165",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-0180",
"@id": "CVE-2022-0180",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-0181",
"@id": "CVE-2022-0181",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-0182",
"@id": "CVE-2022-0182",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0180",
"@id": "CVE-2022-0180",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0181",
"@id": "CVE-2022-0181",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0182",
"@id": "CVE-2022-0182",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in WordPress Plugin \"Quiz And Survey Master\""
}
jvndb-2021-000075
Vulnerability from jvndb
Published
2021-08-10 14:40
Modified
2021-08-10 14:40
Severity ?
Summary
WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
Details
WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability (CWE-79) due to the flow in handling some URL query parameters.
Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own.
After coordination was completed, this case was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer for the publication.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN65388002/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20792 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20792 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ExpressTech | Quiz And Survey Master |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000075.html",
"dc:date": "2021-08-10T14:40+09:00",
"dcterms:issued": "2021-08-10T14:40+09:00",
"dcterms:modified": "2021-08-10T14:40+09:00",
"description": "WordPress Plugin \"Quiz And Survey Master\" provided by ExpressTech contains a cross-site scripting vulnerability (CWE-79) due to the flow in handling some URL query parameters.\r\n\r\nGen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own.\r\nAfter coordination was completed, this case was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer for the publication.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000075.html",
"sec:cpe": {
"#text": "cpe:/a:expresstech:quiz_and_survey_master",
"@product": "Quiz And Survey Master",
"@vendor": "ExpressTech",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000075",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN65388002/index.html",
"@id": "JVN#65388002",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20792",
"@id": "CVE-2021-20792",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20792",
"@id": "CVE-2021-20792",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"Quiz And Survey Master\" vulnerable to cross-site scripting"
}