CVE-2021-36865
LOWExpressTech Quiz And Survey Master <= 7.3.4 - Insecure Direct Object Reference
Title source: llmDescription
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve
Product x_refsource_confirm
https://wordpress.org/plugins/quiz-master-next/#developers
Scores
CVSS v3
3.8
EPSS
0.0041
EPSS Percentile
32.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (2)
ExpressTech/Quiz And Survey Master (WordPress plugin)
<= 7.3.4 - 7.3.4
quizandsurveymaster/quiz_and_survey_master
< 7.3.4
Published
Sep 30, 2022
Tracked Since
Feb 18, 2026