Quiz and Survey Master SQL injection flaw (CVE-2025-67987)
Vulnerability
Summary
Quiz and Survey Master (QSM) has a disclosed SQL injection flaw affecting more than 40,000 WordPress sites, creating risk of unauthorized database access on versions 10.3.1 and earlier. The issue is tracked as CVE-2025-67987 and could be triggered by authenticated Subscriber-level users or higher. A fixed release, 10.3.2, is available.
Related Happenings
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
How related:
In an advisory published last week, Patchstack said the vulnerability was fixed in Quiz and Survey Master version 10.3.2.
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Timeline
- 03.02.2026 18:15 · 1 article · 3mo ago
Responsible report received for Quiz and Survey Master SQL injection
Initial Disclosure: Doan Dinh Van, a Patchstack Alliance community member, reported a SQL injection flaw in Quiz and Survey Master to Patchstack, and Patchstack notified the plugin vendor.
Sources:
- SQL Injection Flaw Affects 40,000 WordPress Sites — www.infosecurity-magazine.com — 03.02.2026 18:15
- 03.02.2026 18:15 · 2 articles · 3mo ago
Quiz and Survey Master 10.3.2 released to fix SQL injection
Mitigation Patch Update: Quiz and Survey Master version 10.3.2 was released to fix the SQL injection flaw by converting the is_linking parameter into an integer with intval before the database query processed it.
Sources:
- SQL Injection Flaw Affects 40,000 WordPress Sites — www.infosecurity-magazine.com — 03.02.2026 18:15
- SQL Injection Flaw Affects 40,000 WordPress Sites — www.infosecurity-magazine.com — 03.02.2026 18:15
- 03.02.2026 18:15 · 1 article · 3mo ago
Patchstack publicly discloses CVE-2025-67987 in Quiz and Survey Master
Technical Analysis Update: Patchstack publicly disclosed CVE-2025-67987 affecting Quiz and Survey Master versions 10.3.1 and earlier, noting that more than 40,000 WordPress sites could be affected and that authenticated Subscriber-level users or higher could interfere with database queries through the affected REST API function.
Sources:
- SQL Injection Flaw Affects 40,000 WordPress Sites — www.infosecurity-magazine.com — 03.02.2026 18:15