Security Advisory

CVE-2024-5606

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-02 06:00:03

Last updated 2024-08-01 21:18:06

Assigner WPScan

State PUBLISHED

Description

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role

← Browse all CVEs View on cve.org ↗