Medium CVSS 4.3

Overview

The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.3 (MEDIUM)
  • Detected tags: csrf, wordpress (tag impact: MODERATE)

Recommended actions:

  • Use CSRF tokens, set SameSite=Strict on cookies, and validate the Origin/Referer headers.
