PT-2026-5966 · Expresstech Systems · Quiz/Survey Master
Published: 2026-02-03 · Updated: 2026-02-22
CVE-2025-67987
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions
ExpressTech Systems Quiz And Survey Master versions through 10.3.1
Description
A flaw in ExpressTech Systems Quiz And Survey Master allows SQL injection. The issue impacts approximately 40,000 WordPress sites globally. A low-privilege, logged-in user can exploit it to query or modify the WordPress database, potentially exposing or altering site data. The cause is improper neutralization of special elements used in an SQL command. Exploitation may involve requests to plugin endpoints and unexpected database activity.
Recommendations
Update to version 10.3.2 or later.
Review logs for suspicious requests to plugin endpoints.
Review logs for unexpected database activity.
Fix
SQL injection
Affected Products
Quiz/Survey Master