WP-Safety

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Security & Risk Analysis

wordpress.org/plugins/quiz-master-next

Create quizzes, surveys, and tests easily on WordPress with this versatile plugin. Perfect for engaging any audience and gathering valuable insights!

40K active installs v10.3.5 PHP 5.4+ WP 4.9+ Updated Jan 28, 2026
examonline-assessmentquizsurveytest
76
B · Generally Safe
CVEs total57
Unpatched0
Last CVEJan 28, 2026
Plugin page Download
Safety Verdict

Is Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Safe to Use in 2026?

Mostly Safe

Score 76/100

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker is generally safe to use. 57 past CVEs were resolved. Keep it updated.

57 known CVEsLast CVE: Jan 28, 2026Updated 2mo ago
Risk Assessment

The security posture of Quiz Master Next v10.3.5 presents a mixed bag, with some strong security practices offset by significant areas of concern. The plugin demonstrates good practices in its use of prepared statements for SQL queries and a high percentage of properly escaped outputs, indicating an effort to mitigate common web vulnerabilities. However, the presence of a dangerous `unserialize` function, coupled with a substantial number of unsanitized taint flows, particularly those of high severity, raises serious red flags regarding potential deserialization and code execution vulnerabilities. The large number of unprotected AJAX handlers and REST API routes further expands the attack surface, making these entry points prime targets for exploitation if authorization checks are insufficient.

The plugin's vulnerability history is a major concern, with a staggering 57 known CVEs. While there are currently no unpatched vulnerabilities, the sheer volume and the prevalence of critical and high-severity past issues, including deserialization, XSS, CSRF, and SQL injection, strongly suggest recurring security weaknesses in the development lifecycle. This pattern indicates a persistent struggle with robust input validation and secure coding practices across various vulnerability types. The last reported vulnerability in 2026 also suggests a potential for newly discovered issues or a lag in security patching if the codebase remains stagnant.

In conclusion, while Quiz Master Next v10.3.5 shows some strengths in output sanitization and SQL query handling, the identified risks in its code analysis (unprotected entry points, dangerous functions, high-severity taint flows) and its extensive history of critical and high-severity vulnerabilities paint a picture of a plugin that requires significant attention to security. The potential for deserialization attacks and exploitation of its broad unprotected attack surface are the most pressing threats, compounded by the historical tendency for severe security flaws.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Dangerous function: unserialize
  • High severity unsanitized taint flows
  • High number of critical/high past CVEs
  • Large attack surface
Vulnerabilities
57

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
1 CVE in 2016
2016
2 CVEs in 2019
2019
4 CVEs in 2020
2020
6 CVEs in 2021
2021
16 CVEs in 2022
2022
10 CVEs in 2023
2023
7 CVEs in 2024
2024
5 CVEs in 2025
2025
5 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
4
High
11
Medium
42

57 total CVEs

CVE-2025-67987medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz And Survey Master <= 10.3.1 - Authenticated (Subscriber+) SQL Injection

Jan 28, 2026 Patched in 10.3.2 (6d)
CVE-2026-24358medium · 4.3Missing Authorization

Quiz And Survey Master <= 10.3.3 - Missing Authorization

Jan 8, 2026 Patched in 10.3.4 (27d)
CVE-2025-9637medium · 6.5Missing Authorization

Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads

Jan 5, 2026 Patched in 10.3.2 (1d)
CVE-2025-9318medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated (Subscriber+) SQL Injection via `is_linking` Query Parameter

Jan 5, 2026 Patched in 10.3.2 (1d)
CVE-2025-9294medium · 4.3Improper Authorization

Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion

Jan 5, 2026 Patched in 10.3.2 (60d)
CVE-2025-63054medium · 5.3Missing Authorization

Quiz And Survey Master <= 10.3.2 - Missing Authorization

Nov 30, 2025 Patched in 10.3.3 (38d)
CVE-2025-49401high · 8.1Deserialization of Untrusted Data

Quiz And Survey Master <= 10.2.5 - Unauthenticated PHP Object Injection

Sep 3, 2025 Patched in 10.2.6 (9d)
CVE-2025-55708medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz And Survey Master <= 10.2.4 - Authenticated (Contributor+) SQL Injection

Aug 14, 2025 Patched in 10.2.5 (6d)
CVE-2025-6790medium · 4.3Cross-Site Request Forgery (CSRF)

Quiz and Survey Master (QSM) <= 10.2.2 - Cross-Site Request Forgery to Template Creation

Jul 24, 2025 Patched in 10.2.3 (33d)
CVE-2024-10679medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master (QSM) <= 9.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 11, 2025 Patched in 9.2.1 (36d)
CVE-2024-8758medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master (QSM) <= 9.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Sep 2, 2024 Patched in 9.1.3 (33d)
CVE-2024-6879medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master (QSM) <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 5, 2024 Patched in 9.1.1 (24d)
CVE-2024-6390medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master <= 9.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 13, 2024 Patched in 9.1.0 (28d)
CVE-2024-6025medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master <= 9.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 20, 2024 Patched in 9.0.5 (9d)
CVE-2024-4934medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 10, 2024 Patched in 9.0.2 (23d)
CVE-2024-3592critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection

Jun 6, 2024 Patched in 9.0.2 (28d)
CVE-2024-27966medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 8.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 13, 2024 Patched in 8.2.3 (8d)
CVE-2023-51521medium · 4.3Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 8.1.18 - Cross-Site Request Forgery

Dec 27, 2023 Patched in 8.1.19 (27d)
CVE-2023-51507medium · 5.3Missing Authorization

Quiz And Survey Master <= 8.1.16 - Missing Authorization

Dec 27, 2023 Patched in 8.1.17 (27d)
CVE-2023-47834medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 8.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 16, 2023 Patched in 8.1.14 (68d)
WF-32173d38-7f85-4e0c-9b4c-38bee2783d77-quiz-master-nextmedium · 4.3Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 8.1.15 - Cross-Site Request Forgery via 'display_results'

Sep 12, 2023 Patched in 8.1.16 (133d)
CVE-2023-3575medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 8.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Question Title

Jul 17, 2023 Patched in 8.1.11 (190d)
CVE-2023-37984medium · 5.3Improper Control of Interaction Frequency

Quiz And Survey Master <= 8.1.10 - Excessive Quiz Attempts

Jul 17, 2023 Patched in 8.1.11 (190d)
CVE-2023-28787critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz and Survey Master <= 8.1.4 - Unauthenticated SQL Injection

Apr 16, 2023 Patched in 8.1.5 (282d)
CVE-2023-26524medium · 4.3Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration

Feb 28, 2023 Patched in 8.1.0 (329d)
CVE-2023-0291high · 7.2Missing Authorization

Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

Feb 15, 2023 Patched in 8.0.9 (342d)
CVE-2023-0292medium · 5.4Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

Feb 8, 2023 Patched in 8.0.9 (349d)
CVE-2022-46862medium · 4.3Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 8.0.7 - Cross-Site Request Forgery

Dec 16, 2022 Patched in 8.0.8 (403d)
CVE-2022-4032high · 7.2Improper Input Validation

Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer

Nov 29, 2022 Patched in 8.0.5 (420d)
CVE-2022-4033medium · 5.3Improper Input Validation

Quiz and Survey Master <= 8.0.4 - Improper Input Validation

Nov 16, 2022 Patched in 8.0.5 (433d)
WF-c829894f-05b8-4c65-9f3a-3a5d6e212cde-quiz-master-nexthigh · 8.8Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 7.3.10 - Cross-Site Request Forgery

Oct 23, 2022 Patched in 7.3.11 (457d)
CVE-2021-36898high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection

Oct 21, 2022 Patched in 7.3.5 (459d)
CVE-2021-36906medium · 5.4Authorization Bypass Through User-Controlled Key

Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference

Oct 21, 2022 Patched in 7.3.7 (459d)
CVE-2022-40698high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.10 - Unauthenticated Stored Cross-Site Scripting

Oct 21, 2022 Patched in 7.3.11 (459d)
CVE-2021-36864medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.4 - Reflected Cross-Site Scripting

Oct 21, 2022 Patched in 7.3.5 (459d)
CVE-2022-41652medium · 4.3Missing Authorization

Quiz And Survey Master <= 7.3.10 - Missing Authorization

Oct 21, 2022 Patched in 7.3.11 (459d)
CVE-2021-36905medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 21, 2022 Patched in 7.3.5 (459d)
CVE-2021-36863medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 21, 2022 Patched in 7.3.5 (459d)
CVE-2022-42883medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Quiz And Survey Master <= 7.3.10 - Sensitive Information Disclosure

Oct 21, 2022 Patched in 7.3.11 (459d)
CVE-2021-36865medium · 5.4Authorization Bypass Through User-Controlled Key

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 7.3.4 - Insecure Direct Object Reference

Sep 29, 2022 Patched in 7.3.5 (481d)
CVE-2022-0182medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.6 - Stored Cross-Site Scripting

Jan 12, 2022 Patched in 7.3.7 (741d)
CVE-2022-0180high · 8.8Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 7.3.6 - Cross-Site Request Forgery

Jan 12, 2022 Patched in 7.3.7 (741d)
CVE-2022-0181medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.6 - Reflected Cross-Site Scripting

Jan 12, 2022 Patched in 7.3.7 (741d)
CVE-2021-24691medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.3.1 - Admin+ Stored Cross-Site Scripting

Sep 13, 2021 Patched in 7.3.2 (862d)
CVE-2021-20792medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master <= 7.1.13 - Cross-Site Scripting

Sep 13, 2021 Patched in 7.1.14 (862d)
WF-9c2883e6-2a90-46c7-ba42-cc078e4d1670-quiz-master-nextmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master <= 7.1.13 - SQL Injection

Aug 10, 2021 Patched in 7.1.14 (896d)
WF-4b468c0b-88ac-4ea8-97a9-08e206faf0fb-quiz-master-nextmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.1.18 - Cross-Site Scripting

Jun 3, 2021 Patched in 7.1.19 (964d)
CVE-2021-24368medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 7.1.17 - Reflected Cross-Site Scripting

Jun 3, 2021 Patched in 7.1.18 (964d)
CVE-2021-24221high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode

Mar 26, 2021 Patched in 7.1.12 (1033d)
WF-26140315-04c7-4056-a570-865cd4ffe85e-quiz-master-nextcritical · 9.8Unrestricted Upload of File with Dangerous Type

Quiz and Survey Master <= 7.0.1 - Arbitrary File Upload

Aug 29, 2020 Patched in 7.0.2 (1242d)
CVE-2020-35951high · 8.2Authorization Bypass Through User-Controlled Key

Quiz and Survey Master <= 7.0.0 - Unauthenticated Arbitrary File Deletion

Aug 3, 2020 Patched in 7.0.1 (1268d)
CVE-2020-35949critical · 9.8Unrestricted Upload of File with Dangerous Type

Quiz and Survey Master <= 7.0.0 - Arbitrary File Upload

Aug 3, 2020 Patched in 7.0.1 (1268d)
WF-3f378797-a7a7-4691-8d37-1caef454bb4f-quiz-master-nextmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz and Survey Master <= 6.4.12 - Stored Cross-Site Scripting

Jul 29, 2020 Patched in 7.0.0 (1273d)
CVE-2019-17599medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 6.3.4 - Reflected Cross-Site Scripting

Nov 13, 2019 Patched in 6.3.5 (1532d)
CVE-2019-9575medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quiz And Survey Master <= 6.2.1 - Cross-Site Scripting

Mar 5, 2019 Patched in 6.2.2 (1785d)
CVE-2016-11085high · 8.8Cross-Site Request Forgery (CSRF)

Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Dec 15, 2016 Patched in 4.7.9 (2595d)
WF-3a17b6ad-c778-4677-b5bd-6ffc9b425ba1-quiz-master-nexthigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quiz And Survey Master < 4.4.4 - Multiple SQL Injections

Jul 16, 2015 Patched in 4.4.4 (3113d)
Code Analysis
Analyzed Mar 16, 2026

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Code Analysis

Dangerous Functions
1
Raw SQL Queries
119
351 prepared
Unescaped Output
161
2661 escaped
Nonce Checks
49
Capability Checks
68
File Operations
1
External Requests
6
Bundled Libraries
1

Dangerous Functions Found

unserialize$unserialized_value = unserialize( $value, array( 'allowed_classes' => false ) );php\template-variables.php:1652

Bundled Libraries

Select2

SQL Query Safety

75% prepared470 total queries

Output Escaping

94% escaped2822 total outputs
Data Flows
29 unsanitized

Data Flow Analysis

25 flows29 with unsanitized paths
qsm_options_emails_tab_template (php\admin\options-page-email-tab.php:183)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
12 unprotected

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Attack Surface

Entry Points59
Unprotected12

AJAX Handlers 32

authwp_ajax_qsm_activate_pluginphp\admin\create-quiz-page.php:4
authwp_ajax_qsm_activate_plugin_ajax_handlerphp\admin\create-quiz-page.php:49
authwp_ajax_qsm_get_activated_themesphp\admin\create-quiz-page.php:52
authwp_ajax_qsm_insert_quiz_templatephp\admin\functions.php:1547
authwp_ajax_qsm_remove_my_templatesphp\admin\functions.php:1631
authwp_ajax_qsm_save_contactphp\admin\options-page-contact-tab.php:173
authwp_ajax_qsm_show_disabled_contact_fieldsphp\admin\options-page-contact-tab.php:211
authwp_ajax_qsm_unlink_question_from_listphp\admin\options-page-questions-tab.php:959
authwp_ajax_qsm_save_pagesphp\admin\options-page-questions-tab.php:1045
authwp_ajax_qsm_load_all_quiz_questionsphp\admin\options-page-questions-tab.php:1111
authwp_ajax_qsm_send_data_sendyphp\admin\options-page-questions-tab.php:1140
authwp_ajax_qsm_dashboard_delete_resultphp\admin\options-page-questions-tab.php:1192
authwp_ajax_qsm_delete_question_question_bankphp\admin\options-page-questions-tab.php:1273
authwp_ajax_qsm_delete_question_from_databasephp\admin\options-page-questions-tab.php:1327
authwp_ajax_qsm_bulk_delete_question_from_databasephp\admin\options-page-questions-tab.php:1408
authwp_ajax_save_new_categoryphp\admin\options-page-questions-tab.php:1486
authwp_ajax_qsm_get_question_text_messagephp\admin\options-page-text-tab.php:255
authwp_ajax_qsm_update_text_messagephp\admin\options-page-text-tab.php:292
authwp_ajax_qmn_question_type_changephp\classes\class-qmn-plugin-helper.php:82
authwp_ajax_qsm_validate_result_submissionphp\classes\class-qmn-plugin-helper.php:90
noprivwp_ajax_qsm_validate_result_submissionphp\classes\class-qmn-plugin-helper.php:91
authwp_ajax_qmn_process_quizphp\classes\class-qmn-quiz-manager.php:75
noprivwp_ajax_qmn_process_quizphp\classes\class-qmn-quiz-manager.php:76
noprivwp_ajax_qsm_create_quiz_noncephp\classes\class-qmn-quiz-manager.php:77
authwp_ajax_qsm_create_quiz_noncephp\classes\class-qmn-quiz-manager.php:78
authwp_ajax_qsm_export_dataphp\classes\class-qmn-quiz-manager.php:81
authwp_ajax_qsm_clear_audit_dataphp\classes\class-qmn-quiz-manager.php:84
noprivwp_ajax_qsm_ajax_loginphp\classes\class-qmn-quiz-manager.php:87
authwp_ajax_qsm_action_failed_submission_tablephp\classes\class-qmn-quiz-manager.php:90
authwp_ajax_qsm_check_fix_dbphp\classes\class-qmn-quiz-manager.php:93
authwp_ajax_enable_multiple_categoriesphp\classes\class-qsm-migrate.php:16
authwp_ajax_regenerate_api_keyphp\classes\class-qsm-quiz-api.php:17

REST API Routes 22

GET/wp-json/quiz-survey-master/v1/quiz/hierarchical-category-listblocks\block.php:300
GET/wp-json/quiz-survey-master/v1/quiz/advance-ques-type-upgrade-popupblocks\block.php:313
GET/wp-json/quiz-survey-master/v1/quiz/structureblocks\block.php:326
GET/wp-json/quiz-survey-master/v1/quiz/create_quizblocks\block.php:339
GET/wp-json/quiz-survey-master/v1/quiz/save_quizblocks\block.php:352
GET/wp-json/qsm/quiz(?:/(?P<quiz_id>\d+))?php\classes\class-qsm-quiz-api.php:22
GET/wp-json/qsm/quiz_result(?:/(?P<result_id>\d+))?php\classes\class-qsm-quiz-api.php:33
POST/wp-json/qsm/submitquiz/php\classes\class-qsm-quiz-api.php:44
GET/wp-json/qsm/get_questions/php\classes\class-qsm-quiz-api.php:55
GET/wp-json/quiz-survey-master/v1/questions/php\rest-api.php:17
GET/wp-json/quiz-survey-master/v1/questions/php\rest-api.php:28
GET/wp-json/quiz-survey-master/v1/questions/(?P<id>\d+)php\rest-api.php:39
GET/wp-json/quiz-survey-master/v1/questions/(?P<id>\d+)php\rest-api.php:50
GET/wp-json/quiz-survey-master/v1/quizzes/(?P<id>\d+)/resultsphp\rest-api.php:61
GET/wp-json/quiz-survey-master/v1/quizzes/(?P<id>\d+)/resultsphp\rest-api.php:72
GET/wp-json/quiz-survey-master/v1/quizzes/(?P<id>\d+)/emailsphp\rest-api.php:83
GET/wp-json/quiz-survey-master/v1/quizzes/(?P<id>\d+)/emailsphp\rest-api.php:94
GET/wp-json/qsm/list_quizphp\rest-api.php:106
GET/wp-json/qsm/list_results/(?P<id>\d+)php\rest-api.php:119
GET/wp-json/quiz-survey-master/v1/bank_questions/(?P<id>\d+)php\rest-api.php:131
GET/wp-json/quiz-survey-master/v1/quizzes/(?P<id>\d+)/categoriesphp\rest-api.php:143
GET/wp-json/quiz-survey-master/v2/quizzlist/php\rest-api.php:155

Shortcodes 5

[mlw_quizmaster] php\classes\class-qmn-quiz-manager.php:72
[qsm] php\classes\class-qmn-quiz-manager.php:73
[qsm_result] php\classes\class-qmn-quiz-manager.php:74
[qsm_link] php\shortcodes.php:54
[qsm_recent_quizzes] php\shortcodes.php:111
WordPress Hooks 162
actioninitblocks\block.php:33
actionenqueue_block_editor_assetsblocks\block.php:35
actionrest_api_initblocks\block.php:37
actionadmin_menumlw_quizmaster2.php:349
actionadmin_menumlw_quizmaster2.php:350
actionadmin_headmlw_quizmaster2.php:351
actioninitmlw_quizmaster2.php:352
actionadmin_initmlw_quizmaster2.php:354
filterparent_filemlw_quizmaster2.php:356
actionplugins_loadedmlw_quizmaster2.php:357
actionadmin_enqueue_scriptsmlw_quizmaster2.php:358
actionadmin_initmlw_quizmaster2.php:359
actionadmin_noticesmlw_quizmaster2.php:360
filtermanage_edit-qsm_category_columnsmlw_quizmaster2.php:361
actionadmin_footermlw_quizmaster2.php:1192
actionadmin_bar_menumlw_quizmaster2.php:1300
filterscript_loader_tagmlw_quizmaster2.php:1314
actioninitphp\admin\addons-page.php:203
actionadmin_enqueue_scriptsphp\admin\addons-page.php:418
actionupgrader_process_completephp\admin\admin-dashboard.php:450
actionadmin_initphp\admin\admin-dashboard.php:564
actionplugins_loadedphp\admin\admin-results-details-page.php:347
actioninitphp\admin\admin-results-page.php:84
actionwp_dashboard_setupphp\admin\dashboard-widgets.php:22
actionqmn_quiz_createdphp\admin\functions.php:22
actionadmin_initphp\admin\functions.php:50
actionadmin_initphp\admin\functions.php:259
actionadmin_initphp\admin\functions.php:818
actionadmin_initphp\admin\functions.php:875
actionadmin_page_access_deniedphp\admin\functions.php:889
actionqsm_global_settings_page_add_tab_afterphp\admin\functions.php:1843
actionqsm_global_settings_page_added_tab_contentphp\admin\functions.php:1936
actioninitphp\admin\options-page-contact-tab.php:18
actionadmin_footerphp\admin\options-page-contact-tab.php:170
actioninitphp\admin\options-page-email-tab.php:22
actionadmin_footerphp\admin\options-page-email-tab.php:80
actioninitphp\admin\options-page-option-tab.php:16
actioninitphp\admin\options-page-questions-tab.php:23
actionadmin_footerphp\admin\options-page-questions-tab.php:786
actioninitphp\admin\options-page-results-page-tab.php:21
actionadmin_footerphp\admin\options-page-results-page-tab.php:72
actioninitphp\admin\options-page-style-tab.php:26
actionadmin_menuphp\admin\options-page-style-tab.php:341
actioninitphp\admin\options-page-text-tab.php:17
actionadmin_footerphp\admin\quiz-options-page.php:290
actionadmin_noticesphp\admin\quizzes-page.php:39
actionload-edit.phpphp\admin\quizzes-page.php:40
filterget_edit_post_linkphp\admin\quizzes-page.php:41
filterviews_edit-qsm_quizphp\admin\quizzes-page.php:42
filtermanage_qsm_quiz_posts_columnsphp\admin\quizzes-page.php:43
actionmanage_qsm_quiz_posts_custom_columnphp\admin\quizzes-page.php:44
filterpost_row_actionsphp\admin\quizzes-page.php:45
filterbulk_actions-edit-qsm_quizphp\admin\quizzes-page.php:46
filterhandle_bulk_actions-edit-qsm_quizphp\admin\quizzes-page.php:47
actionmanage_posts_extra_tablenavphp\admin\quizzes-page.php:48
actionadmin_footerphp\admin\quizzes-page.php:49
actionadmin_initphp\admin\settings-page.php:37
actionadmin_initphp\admin\settings-page.php:38
filterpre_update_option_qmn-settingsphp\admin\settings-page.php:39
actionadmin_enqueue_scriptsphp\admin\settings-page.php:48
actioninitphp\admin\stats-page.php:63
actioninitphp\classes\class-qmn-log-manager.php:19
actioninitphp\classes\class-qmn-log-manager.php:21
actionadmin_initphp\classes\class-qmn-plugin-helper.php:83
actionqsm_saved_questionphp\classes\class-qmn-plugin-helper.php:84
actionqsm_saved_text_messagephp\classes\class-qmn-plugin-helper.php:85
actionqsm_saved_quiz_settingsphp\classes\class-qmn-plugin-helper.php:86
actionqsm_register_language_supportphp\classes\class-qmn-plugin-helper.php:88
filterqsm_language_supportphp\classes\class-qmn-plugin-helper.php:89
filterqsm_load_questions_by_pagesphp\classes\class-qmn-plugin-helper.php:1204
actioninitphp\classes\class-qmn-quiz-manager.php:86
filterwp_mail_content_typephp\classes\class-qmn-quiz-manager.php:2790
filterwp_mail_content_typephp\classes\class-qmn-quiz-manager.php:2896
filterqmn_begin_shortcodephp\classes\class-qmn-quiz-manager.php:3095
filterqmn_begin_shortcodephp\classes\class-qmn-quiz-manager.php:3128
filterqmn_begin_shortcodephp\classes\class-qmn-quiz-manager.php:3180
filterqmn_begin_quizphp\classes\class-qmn-quiz-manager.php:3220
filterqmn_begin_quizphp\classes\class-qmn-quiz-manager.php:3237
filterqmn_begin_quiz_formphp\classes\class-qmn-quiz-manager.php:3270
filterqmn_begin_quizphp\classes\class-qmn-quiz-manager.php:3282
filterqmn_begin_resultsphp\classes\class-qmn-quiz-manager.php:3302
filterwp_video_extensionsphp\classes\class-qmn-quiz-manager.php:3331
actionadmin_initphp\classes\class-qmn-review-message.php:34
actionadmin_noticesphp\classes\class-qmn-review-message.php:48
filterwp_mail_content_typephp\classes\class-qsm-emails.php:36
actionadmin_initphp\classes\class-qsm-install.php:30
filterplugin_row_metaphp\classes\class-qsm-install.php:32
actioninitphp\classes\class-qsm-install.php:33
actionrest_api_initphp\classes\class-qsm-quiz-api.php:16
actionadmin_noticesphp\classes\class-qsm-tracking.php:42
actionadmin_initphp\classes\class-qsm-tracking.php:43
actioninitphp\classes\class-qsm-tracking.php:44
actionplugins_loadedphp\default-templates.php:10
actionadmin_initphp\gdpr.php:14
filterwp_privacy_personal_data_exportersphp\gdpr.php:15
filterwp_privacy_personal_data_erasersphp\gdpr.php:16
actioninitphp\question-types.php:29
actioninitphp\question-types.php:30
actioninitphp\question-types.php:31
actioninitphp\question-types.php:32
actioninitphp\question-types.php:33
actioninitphp\question-types.php:34
actioninitphp\question-types.php:35
actioninitphp\question-types.php:36
actioninitphp\question-types.php:37
actioninitphp\question-types.php:38
actioninitphp\question-types.php:39
actioninitphp\question-types.php:40
actioninitphp\question-types.php:41
actioninitphp\question-types.php:42
actioninitphp\question-types.php:43
actioninitphp\question-types.php:282
actionrest_api_initphp\rest-api.php:9
actionwp_enqueue_scriptsphp\shortcodes.php:120
actionwp_headphp\shortcodes.php:207
filterqmn_end_shortcodephp\shortcodes.php:243
filterqmn_end_shortcodephp\shortcodes.php:260
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:19
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:20
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:21
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:22
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:23
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:24
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:25
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:26
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:27
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:28
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:29
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:30
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:31
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:32
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:33
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:34
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:35
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:36
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:37
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:38
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:39
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:40
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:41
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:42
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:43
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:44
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:45
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:46
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:47
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:48
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:49
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:50
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:51
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:52
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:53
filterqmn_end_resultsphp\template-variables.php:54
filtermlw_qmn_template_variable_quiz_pagephp\template-variables.php:55
filtermlw_qmn_template_variable_quiz_pagephp\template-variables.php:56
filtermlw_qmn_template_variable_quiz_pagephp\template-variables.php:57
filtermlw_qmn_template_variable_quiz_pagephp\template-variables.php:58
filtermlw_qmn_template_variable_quiz_pagephp\template-variables.php:59
filtermlw_qmn_template_variable_quiz_pagephp\template-variables.php:60
filtermlw_qmn_template_variable_results_pagephp\template-variables.php:61
filterqmn_end_resultsphp\template-variables.php:944
filterwp_kses_allowed_htmlphp\template-variables.php:1018
Maintenance & Trust

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 28, 2026
PHP min version5.4
Downloads3.1M

Community Trust

Rating94/100
Number of ratings1,277
Active installs40K
Alternatives

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Alternatives

Watu Quiz

Watu Quiz

watu

A
88

Creates exams, surveys, and quizzes with unlimited number of questions and answers. Mobile/touch - friendly.

3K 17 CVEs
Chained Quiz

Chained Quiz

chained-quiz

A
91

Create a quiz where the next question depends on the answer to the previous question. Final quiz results depend on the amount of collected points.

1K 24 CVEs
Quiz Creator – Easy Quiz, Survey & Test Maker

Quiz Creator – Easy Quiz, Survey & Test Maker

quiz-creator

A
100

Create and manage interactive quizzes with multiple question types, automatic scoring, timed quizzes, and email notifications.

20 No CVEs
Watu to MailChimp

Watu to MailChimp

watu-bridge-to-mailchimp

A
85

A bridge between the Watu Quiz plugin and MailChimp /*** This program is free software: you can redistribute it and/or modify it under the terms of &hellip;

10 No CVEs
WpCues Basic Quiz

WpCues Basic Quiz

wpcues-basic-quiz

A
100

Create math / html / multimedia rich quiz. Award Mozilla Open Badges, Create colorful charts / leader boards and sell your quizzes using stripe.

10 No CVEs
Developer Profile

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker Developer Profile

ExpressTech Systems

21 plugins · 122K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
560 days
View full developer profile
Detection Fingerprints

How We Detect Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quiz-master-next/css/style.css/wp-content/plugins/quiz-master-next/js/quiz_master_next.js/wp-content/plugins/quiz-master-next/js/public/quiz-master-next-frontend.js/wp-content/plugins/quiz-master-next/js/admin/quiz-master-next-admin.js/wp-content/plugins/quiz-master-next/css/admin/quiz-master-next-admin.css
Script Paths
/wp-content/plugins/quiz-master-next/js/quiz_master_next.js/wp-content/plugins/quiz-master-next/js/public/quiz-master-next-frontend.js/wp-content/plugins/quiz-master-next/js/admin/quiz-master-next-admin.js
Version Parameters
quiz-master-next/style.css?ver=quiz-master-next/js/quiz_master_next.js?ver=quiz-master-next/js/public/quiz-master-next-frontend.js?ver=quiz-master-next/js/admin/quiz-master-next-admin.js?ver=quiz-master-next/css/admin/quiz-master-next-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
qsm_custom_css
HTML Comments
QSM Debug InfoSTART QSM Debug InfoEND QSM Debug Info
Data Attributes
data-quiz_iddata-quiz_namedata-quiz_result_type
JS Globals
qsm_ajax_objectquiz_master_next_global
REST Endpoints
/wp-json/quizmaster_next/v1/quiz_data/wp-json/quizmaster_next/v1/quiz_submit
Shortcode Output
[quiz_master_next]
FAQ

Frequently Asked Questions about Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker