The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard
                
            References
                    | Link | Resource | 
|---|---|
| https://wpscan.com/vulnerability/929ad37d-9cdb-4117-8cd3-cf7130a7c9d4 | Third Party Advisory | 
| https://wpscan.com/vulnerability/929ad37d-9cdb-4117-8cd3-cf7130a7c9d4 | Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2021-08-02 11:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24456
Mitre link : CVE-2021-24456
CVE.ORG link : CVE-2021-24456
JSON object : View
Products Affected
                ays-pro
- quiz_maker
CWE
                
                    
                        
                        CWE-89
                        
            Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
