SQL Injection Vulnerability in Quiz Master Next Plugin for WordPress
CVE-2026-13767
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-13767?
The Quiz Master Next plugin for WordPress suffers from an SQL Injection vulnerability that arises from inadequate escaping of user input in the 'pages' parameter. This issue is present in versions up to and including 11.2.0. The vulnerability can be exploited by authenticated users with Author-level access and higher, allowing attackers to inject malicious SQL payloads. When other users, including administrators, access the quiz's Questions tab, the injected payload can execute, enabling attackers to manipulate existing SQL queries and potentially extract sensitive information from the database. Mitigating this vulnerability is crucial to safeguarding your WordPress site from unauthorized data access.
Affected Version(s)
Quiz and Survey Master (QSM) β Quiz Maker & Survey Maker 0 <= 11.2.0