CVE-2021-36865
LOWQuizandsurveymaster Quiz And Survey Master < 7.3.4 - IDOR
Title source: ruleDescription
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve
Product x_refsource_confirm
https://wordpress.org/plugins/quiz-master-next/#developers
Scores
CVSS v3
3.8
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (2)
ExpressTech/Quiz And Survey Master (WordPress plugin)
<= 7.3.4 - 7.3.4
quizandsurveymaster/quiz_and_survey_master
< 7.3.4
Published
Sep 30, 2022
Tracked Since
Feb 18, 2026