The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/929ad37d-9cdb-4117-8cd3-cf7130a7c9d4 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-08-02 11:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24456
Mitre link : CVE-2021-24456
CVE.ORG link : CVE-2021-24456
JSON object : View
Products Affected
ays-pro
- quiz_maker
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')