Conversation
supportHello, I got an email from my Plesk. It uses patchstack WordPress Quiz And Survey Master Plugin <= 10.2.5 is vulnerable to PHP Object Injection https://patchstack.com/database/wordpress/plugin/quiz-master-next/vulnerability/wordpress-quiz-and-survey-master-plugin-10-2-5-php-object-injection-vulnerability?_a_id=110 No official fix available Why is this?
Dear @piska , I hope you are doing well, and thank you for bringing this to our attention. We’ve received your report regarding a potential PHP object injection vulnerability. To ensure security, please make sure you are using the latest version of the QSM plugin (10.2.7), as it includes important security improvements. We have escalated this matter to our development team for further review, including verification of the report shared through Patchstack. Once we receive confirmation, we will provide an update with the official outcome or any additional steps that may be required. We appreciate your patience and cooperation while we investigate this further. Best regards, Dhanush
Dear @piska , I hope you’re doing well, apologies for the delay in getting back to you. Regarding the PHP Object Injection concern, we’d like to request a few more details so we can investigate this thoroughly. Could you kindly share the exact steps to reproduce the issue on your setup? This will help us replicate the situation on our end and ensure it is properly addressed. In the meantime, please also confirm that you are using the latest version of the QSM plugin, as we regularly release updates with improvements and fixes. We truly appreciate your cooperation and time in reporting this matter. Warm regards, Dhanush
Dear @piska , I hope you are doing well. I just wanted to follow up regarding the issue you reported with the vulnerability. Since we haven’t heard back from you for a while, we’ll consider this thread as resolved for now. If you’d like to continue the discussion, feel free to reply here and the topic will re-open. For any new questions, please create a new topic so we can keep each discussion focused and easier to follow. Thank you for your time and cooperation. Warm regards, Dhanush
Dear @piska , I hope you are doing well, and thank you for bringing this to our attention. We’ve received your report regarding a potential PHP object injection vulnerability. To ensure security, please make sure you are using the latest version of the QSM plugin (10.2.7), as it includes important security improvements. We have escalated this matter to our development team for further review, including verification of the report shared through Patchstack. Once we receive confirmation, we will provide an update with the official outcome or any additional steps that may be required. We appreciate your patience and cooperation while we investigate this further. Best regards, Dhanush
Dear @piska , I hope you’re doing well, apologies for the delay in getting back to you. Regarding the PHP Object Injection concern, we’d like to request a few more details so we can investigate this thoroughly. Could you kindly share the exact steps to reproduce the issue on your setup? This will help us replicate the situation on our end and ensure it is properly addressed. In the meantime, please also confirm that you are using the latest version of the QSM plugin, as we regularly release updates with improvements and fixes. We truly appreciate your cooperation and time in reporting this matter. Warm regards, Dhanush
Dear @piska , I hope you are doing well. I just wanted to follow up regarding the issue you reported with the vulnerability. Since we haven’t heard back from you for a while, we’ll consider this thread as resolved for now. If you’d like to continue the discussion, feel free to reply here and the topic will re-open. For any new questions, please create a new topic so we can keep each discussion focused and easier to follow. Thank you for your time and cooperation. Warm regards, Dhanush