Missing Authorization Vulnerability in Quiz And Survey Master by ExpressTech Systems
CVE-2026-24358

Currently unrated

Key Information:

Vendor: WordPress
Status: Quiz And Survey Master
Vendor: CVE Published:; 22 January 2026

What is CVE-2026-24358?

A missing authorization vulnerability exists in the Quiz And Survey Master plugin by ExpressTech Systems. This flaw allows attackers to exploit incorrectly configured access control security levels, potentially leading to unauthorized access and manipulation of quizzes and surveys. The vulnerability affects all versions up to 10.3.3, highlighting the need for immediate attention and updates to mitigate risks.

Affected Version(s)

Quiz And Survey Master <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/quiz-mas...

vdb-entry

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 22, 2026

Credit

daroo | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2026-24358?

Affected Version(s)

References

Timeline

Credit