CVE-2025-67987

Awaiting Analysis Awaiting Analysis - Queue

SQL Injection in Quiz And Survey Master Plugin

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-20

Last Modified

2026-02-24

Generated

2026-06-16

AI Q&A

2026-02-20

EPSS Evaluated

2026-06-14

NVD

CVE-2025-67987

Affected Vendors & Products

Vendor	Product	Version / Range
expresstech_systems	quiz_and_survey_master	to 10.3.1 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-67987 is a high-priority SQL Injection vulnerability found in the WordPress Quiz And Survey Master Plugin versions up to and including 10.3.1.'}, {'type': 'paragraph', 'content': "This vulnerability allows a malicious actor to directly interact with the plugin's database by improperly neutralizing special elements used in SQL commands, which can lead to unauthorized data access or theft."}, {'type': 'paragraph', 'content': 'It is classified under OWASP Top 10 A3: Injection and has a CVSS severity score of 8.5, indicating a highly dangerous threat.'}, {'type': 'paragraph', 'content': 'The issue requires only subscriber-level privileges to exploit, increasing its risk.'}, {'type': 'paragraph', 'content': 'The vulnerability was reported on November 21, 2025, publicly disclosed on January 28, 2026, and patched in version 10.3.2 of the plugin.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This SQL Injection vulnerability can allow attackers to manipulate the plugin's database, potentially leading to unauthorized access or theft of sensitive information."}, {'type': 'paragraph', 'content': 'Because the vulnerability requires only subscriber-level privileges to exploit, it increases the risk of exploitation by relatively low-privileged users.'}, {'type': 'paragraph', 'content': 'Successful exploitation could compromise the integrity and confidentiality of your data stored or managed by the Quiz And Survey Master plugin.'}, {'type': 'paragraph', 'content': 'Users are strongly advised to update to version 10.3.2 or later to mitigate this risk.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is an SQL Injection flaw in the WordPress Quiz And Survey Master Plugin versions up to 10.3.1. Detection typically involves monitoring for unusual database queries or attempts to exploit SQL Injection vectors targeting this plugin.'}, {'type': 'paragraph', 'content': "While specific commands are not provided in the resources, common detection methods include using web application firewalls (WAFs) with rules to detect SQL Injection patterns, or scanning HTTP requests for suspicious payloads targeting the plugin's endpoints."}, {'type': 'paragraph', 'content': 'Patchstack provides mitigation rules that can block attacks targeting this vulnerability, which can also serve as detection mechanisms.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate and recommended step to mitigate this vulnerability is to update the WordPress Quiz And Survey Master Plugin to version 10.3.2 or later, where the vulnerability is patched.'}, {'type': 'paragraph', 'content': "Until the update can be applied, users are advised to use Patchstack's mitigation rules which block attacks targeting this vulnerability."}, {'type': 'paragraph', 'content': 'Additionally, enabling automatic updates for vulnerable plugins and using security tools such as web application firewalls can help reduce the risk of exploitation.'}] [1]

Hi! I’m here to help you understand CVE-2025-67987. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-67987

SQL Injection in Quiz And Survey Master Plugin

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart