CVE-2023-28787: Critical Unauthenticated SQL Injection Vulnerability Discovered in Popular WordPress Quiz And Survey Master Plugin


Quiz and Survey Master, a widely used WordPress plugin with over 40,000 active installations, is affected by a critical security vulnerability. Known for its capability to create engaging content such as viral quizzes, trivia quizzes, and surveys, the plugin is an essential marketing tool for many websites. However, researcher Rafie Muhammad from Patchstack has discovered an unauthenticated SQL injection vulnerability in the plugin, which could enable malicious actors to interact directly with a website’s database and potentially steal sensitive information. The vulnerability has been assigned the identifier CVE-2023-28787 and given a CVSS score of 9.3, making it a critical risk.
