cleantalk
Vulnerabilities and Security Researches

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress, CVE-2023-0292

CVE, Research URL

CVE-2023-0292

Home page URL

Security reports for Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress

Application

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress

Published on
Jun 09, 2023
Research Description
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 8.0.9.
Status
vulnerable
Previous vulnerability researches
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2025-55708) , Aug 16, 2025
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2024-3592) , Jun 08, 2024
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2024-5606) , Jul 22, 2024
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2024-4934) , Jul 03, 2024
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2022-0180) , Jun 07, 2024
New vulnerability
Billplz Addon for Contact Form 7 (CVE-2025-31007) , Aug 16, 2025
Time Sheets (CVE-2025-49054) , Aug 16, 2025
The Plus Blocks for Block Editor | Gutenberg (CVE-2025-54739) , Aug 16, 2025
WP-Database-Optimizer-Tools (CVE-2025-53219) , Aug 16, 2025
WP Dynamic Links (CVE-2025-49038) , Aug 16, 2025