EIP-2026-113994
PRE-CVEWordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113994. PoCs published by dxw.
AI-analyzed exploit summary This exploit demonstrates a CSRF/stored XSS vulnerability in Quiz And Survey Master (formerly Quiz Master Next) versions 4.5.4 and 4.7.8. The vulnerability allows unauthenticated attackers to inject malicious JavaScript via the question_name parameter, bypassing WordPress's esc_js() escaping due to improper handling in the admin_question.js file.
Description
WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery
Exploits (1)
This exploit demonstrates a CSRF/stored XSS vulnerability in Quiz And Survey Master (formerly Quiz Master Next) versions 4.5.4 and 4.7.8. The vulnerability allows unauthenticated attackers to inject malicious JavaScript via the question_name parameter, bypassing WordPress's esc_js() escaping due to improper handling in the admin_question.js file.