Quiz and survey master (qsm) – easy quiz and survey maker
This hub aggregates every CVE we track for Quiz and survey master (qsm) – easy quiz and survey maker, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
12
CVEs tracked
1
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM9HIGH2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
3
0
1
1
0
2
0
2024-082026-07
Latest CVEs
The 12 most recently published vulnerabilities affecting Quiz and survey master (qsm) – easy quiz and survey maker.
- CVE-2026-9233Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action4.3
- CVE-2026-6448Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters4.9
- CVE-2026-5797Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields5.3
- CVE-2026-2412Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter6.5
- CVE-2025-9318Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter6.5
- CVE-2025-9637Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads6.5
- CVE-2025-9294Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion4.3
- CVE-2024-3592Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection9.9
- CVE-2023-0292Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion5.4
- CVE-2023-0291Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion7.2
- CVE-2022-4033Quiz and Survey Master <= 8.0.4 - Improper Input Validation5.3
- CVE-2022-4032Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer7.2
Product normalization is registry-driven with AI assist and human review. How it works