Description
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker is prone to multiple vulnerabilities, including iFrame injection and input validation bypass vulnerabilities. Exploiting these issues could allow an attacker to inject iFrames in pages that will execute whenever a user accesses an injected page, or to send values other than the expected type. WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker version 8.0.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 8.0.5 or latest
References
Related Vulnerabilities
WordPress Plugin iQ Block Country Cross-Site Scripting (1.1.19)
OpenVPN AS Insufficient Session Expiration Vulnerability (CVE-2020-15074)
WordPress Plugin UpdraftPlus WordPress Backup Privilege Escalation (1.23.2)
WordPress Plugin BuddyPress Multiple Cross-Site Request Forgery Vulnerabilities (2.8.1)