SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection



Description
Plugin is still affected and has been closed.

Affects Plugin

References

CVE 2019-12516
PACKETSTORM 154440
URL https://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Julien Ahrens
Views 2158
Verified No
WPVDB ID 9879

Timeline

Publicly Published 2019-09-10 (13 days ago)
Added 2019-09-11 (12 days ago)
Last Updated 2019-09-12 (11 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin