SQL Injection Vulnerability in Quiz and Survey Master Plugin for WordPress

CVE-2025-9318

What is CVE-2025-9318?

The Quiz and Survey Master (QSM) plugin for WordPress is susceptible to time-based SQL Injection through the ‘is_linking’ parameter in versions up to and including 10.3.1. This vulnerability arises from insufficient escaping of user-supplied data and poor preparation of existing SQL queries, enabling authenticated attackers with Subscriber-level access and above to inject additional SQL queries. Such exploits can lead to unauthorized access to sensitive database information, raising significant security concerns for WordPress users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References