WordPress Plugin Vulnerabilities

Q and A - Authenticated SQL Injection

Description

Can be exploited remotely by combining with Cross-Site Request Forgery (CSRF).

Affects Plugins

Plugin icon
q-and-a
No known fix

References

URL
https://hackerone.com/reports/135288

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
1d075d20-ab5b-4a82-bdf7-ff747aa38883

Timeline

Publicly Published
2016-08-23 (about 9 years ago)
Added
2016-08-29 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-09-26
Title
Multi Step for Contact Form < 2.7.8 - Unauthenticated SQL Injection
Published
2024-04-12
Title
CBX Bookmark & Favorite < 1.7.21 - Admin+ SQLi
Published
2023-04-07
Title
Spiffy Calendar < 4.9.2 - SQL Injection
Published
2014-08-01
Title
Event Registration <= 5.44 - SQL Injection
Published
2024-12-14
Title
Service <= 1.0.4 - Authenticated (Subscriber+) SQL Injection