PT-2026-1430 · WordPress · Qsm – Easy Quiz/Survey Maker
Rahul Sreenivasan · Published 2026-01-06 · Updated 2026-01-09 · CVE-2025-9637
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress versions prior to and including 10.3.1
Description
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized access and data modification. This is due to the absence of appropriate capability and status checks within multiple functions. This allows unauthenticated attackers to view details of unpublished, private, or password-protected quizzes. Attackers can also submit file responses to questions within these quizzes, enabling file upload functionality. The vulnerable functions lack proper authorization controls, allowing unauthorized access to sensitive quiz data and potential file uploads.
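The kind of status and capability check the description says is missing can be sketched as follows. This is an added example, not code from the plugin or its fix: the function names, the AJAX action and the `quiz_post_id` parameter are hypothetical, and it assumes each quiz is backed by a WordPress post.

```php
<?php
// Added illustration. The function names, the AJAX action name and the
// 'quiz_post_id' parameter are hypothetical, not taken from the QSM code.

/**
 * Status and capability check: may the current visitor see or answer the
 * quiz stored in this post?
 */
function example_visitor_can_access_quiz( $post_id ) {
    $post = get_post( (int) $post_id );
    if ( ! $post ) {
        return false;
    }
    // Draft, pending, private, future or trashed quizzes: defer to core's
    // per-post capability mapping. Logged-out visitors always fail this.
    if ( 'publish' !== get_post_status( $post ) ) {
        return current_user_can( 'read_post', $post->ID );
    }
    // Password-protected quizzes: the visitor must already have supplied
    // the post password, unless they are allowed to edit the post.
    if ( post_password_required( $post ) ) {
        return current_user_can( 'edit_post', $post->ID );
    }
    return true;
}

/**
 * Handler reachable by logged-in and logged-out visitors. The gate runs
 * before any quiz data is returned; a file-upload handler would call the
 * same gate before touching $_FILES.
 */
function example_ajax_quiz_details() {
    $post_id = isset( $_POST['quiz_post_id'] ) ? absint( $_POST['quiz_post_id'] ) : 0;
    if ( ! example_visitor_can_access_quiz( $post_id ) ) {
        // Same response for "missing" and "not allowed", so the endpoint
        // does not reveal which unpublished quiz IDs exist.
        wp_send_json_error( array( 'message' => 'Quiz not available.' ), 403 );
    }
    wp_send_json_success( array( 'title' => get_the_title( $post_id ) ) );
}
add_action( 'wp_ajax_example_quiz_details', 'example_ajax_quiz_details' );
add_action( 'wp_ajax_nopriv_example_quiz_details', 'example_ajax_quiz_details' );
```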
Recommendations
Update to a version beyond 10.3.1.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Qsm – Easy Quiz/Survey Maker
Quiz/Survey Master