ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability

Product
Chained Quiz
Description
Unauthenticated SQL Injection (SQLi) vulnerability found by Qlirim Emini in WordPress Chained Quiz plugin (versions <= 1.0.8).
Solution
Update the WordPress Chained Quiz plugin to the latest available version (at least 1.0.9).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-2018-14502
Versions
Affected In <= 1.0.8
Fixed In 1.0.9
Disclosure date
2018-08-28
Credits
Qlirim Emini
Submitter
ThreatPress