CVE-2025-55708: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2025-55708) was discovered in ExpressTech Systems' Quiz And Survey Master plugin affecting versions through 10.2.4. The vulnerability was reported by Phat RiO - BlueRock on July 16, 2025, and was publicly disclosed on August 14, 2025 (Patchstack).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) with a CVSS v3.1 base score of 8.5 (High). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is changed (S:C) with high impact on confidentiality (C:H), no impact on integrity (I:N), and low impact on availability (A:L) (NVD, Patchstack).

The SQL injection vulnerability could allow a malicious actor to directly interact with the database, potentially leading to unauthorized access to sensitive information stored in the database. The high confidentiality impact rating suggests that the vulnerability could result in significant data exposure (Patchstack).

Users are advised to update to version 10.2.5 or later to remediate this vulnerability. The security issue has been patched in the latest release (Patchstack).