WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.3.5 - Admin+ SQL Injection

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.3.5

References

CVE
CVE-2021-36898

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Verified
No
WPVDB ID
2bd0e29e-6c1c-4530-a67d-eb98c1e633bc

Timeline

Publicly Published
2022-10-21 (about 3 years ago)
Added
2022-10-29 (about 3 years ago)
Last Updated
2022-10-29 (about 3 years ago)

Other

Published
Title
Published
2025-10-17
Title
GSpeech TTS – WordPress Text To Speech Plugin < 3.18.0 - Authenticated (Admin+) SQL injection
Published
2014-08-01
Title
Facebook Promotions <= 1.3.3 - SQL Injection
Published
2025-11-23
Title
ArtPlacer Widget < 2.23 - Authenticated (Contributor+) SQL Injection
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Author+ SQL Injection
Published
2025-10-14
Title
WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection