PT-2026-1430 · WordPress · Qsm – Easy Quiz/Survey Maker+1
Rahul Sreenivasan · Published 2026-01-06 · Updated 2026-01-09 · CVE-2025-9637
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress, versions up to and including 10.3.1
Description
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized access and data modification because multiple functions lack appropriate capability and status checks. Unauthenticated attackers can view details of unpublished, private, or password-protected quizzes. They can also submit file responses to questions within these quizzes, which gives them access to the file upload functionality. Because the vulnerable functions have no proper authorization controls, sensitive quiz data is exposed to unauthorized access and file uploads become possible.
Recommendations
Update to a version later than 10.3.1.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Qsm – Easy Quiz/Survey Maker
Quiz/Survey Master