CSRF Vulnerability in Quiz and Survey Master Plugin for WordPress
CVE-2025-6790

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Quiz And Survey Master (qsm)
Vendor: CVE Published:; 14 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6790?

The Quiz and Survey Master plugin for WordPress prior to version 10.2.3 lacks a proper CSRF check when updating its settings. This security weakness could enable attackers to exploit the plugin through malicious requests, allowing them to modify the settings of a logged-in admin without proper authorization.

Affected Version(s)

Quiz and Survey Master (QSM) 0 < 10.2.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6790 - Proof of Concept

References

https://wpscan.com/vulnerability/af337f9f-c955-49eb-9675-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 14, 2025
👾
Exploit known to exist
Aug 14, 2025
Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

Dmitrii Ignatyev

WPScan