Deserialization of Untrusted Data Vulnerability in ExpressTech Systems Quiz And Survey Master
CVE-2025-49401

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 5 September 2025

What is CVE-2025-49401?

The Quiz And Survey Master plugin by ExpressTech Systems deserializes untrusted data, which can lead to object injection. The weakness affects versions up to and including 10.2.5. An attacker can exploit it by injecting malicious objects, compromising application integrity and security. Users are encouraged to update to the latest version to mitigate this threat.

Affected Version(s)

Quiz And Survey Master <= 10.2.5

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock (Patchstack Alliance)