CVE-2021-24456

CWE-89 — SQL Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.6%

top 29.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AYS PRO Quiz Maker Ays-pro Quiz Maker

Timeline

PublishedAug 2

Latest updateMay 24

Description

The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ays_pro/quiz_maker6.2.0.9 — 6.2.0.9

▶NVDays-pro/quiz_maker< 6.2.0.9

🔴Vulnerability Details

GHSA

GHSA-3454-mhwg-vp35: The Quiz Maker WordPress plugin before 6↗2022-05-24

▶

CVEList

Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections↗2021-08-02

▶