CSRF Vulnerability in Quiz and Survey Master Plugin for WordPress
CVE-2025-6790

Currently unrated

Key Information:

Vendor: WordPress
Status: Quiz And Survey Master (qsm)
Vendor: CVE Published:; 14 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6790?

The Quiz and Survey Master plugin for WordPress prior to version 10.2.3 lacks a proper CSRF check when updating its settings. This security weakness could enable attackers to exploit the plugin through malicious requests, allowing them to modify the settings of a logged-in admin without proper authorization.

Affected Version(s)

Quiz and Survey Master (QSM) 0 < 10.2.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6790 - Proof of Concept

References

https://wpscan.com/vulnerability/af337f9f-c955-49eb-9675-...

exploitvdb-entrytechnical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 14, 2025
👾
Exploit known to exist
Aug 14, 2025
Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

Dmitrii Ignatyev

WPScan