WordPress Plugin Vulnerabilities

SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection

Description

The last time it was checked the plugin was still affected and had been closed.

Affects Plugins

Plugin icon
slickquiz
No known fix

References

CVE
CVE-2019-12516
URL
https://packetstormsecurity.com/files/#154440/
URL
https://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Julien Ahrens
Verified
No
WPVDB ID
66f99bce-6cbf-4757-870d-b279afa65e62

Timeline

Publicly Published
2019-09-10 (about 4 years ago)
Added
2019-09-11 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
MM Duplicate <= 1.2 - SQL Injection
Published
2021-07-24
Title
Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection
Published
2016-08-16
Title
Ninja Forms <= 2.9.55.1 - Authenticated SQL Injection
Published
2024-02-01
Title
Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection
Published
2015-01-28
Title
Photo Gallery < 1.2.11 - Blind SQL Injection