WordPress Plugin Vulnerabilities

Quartz Plugin 1.01.1 - SQL Injection

Description

The quartz WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
quartz
No known fix

References

CVE
CVE-2014-5185
URL
https://codevigilant.com/disclosure/wp-plugin-quartz-a1-injection/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d0c0f46f-f8df-4aaf-8509-e944ed89e84c

Timeline

Publicly Published
2014-09-27 (about 11 years ago)
Added
2014-09-27 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2018-11-29
Title
LoginPress <= 1.1.15 - Authenticated Blind SQL Injection
Published
2025-02-24
Title
Bravo Search & Replace <= 1.0 - Authenticated (Administrator+) SQL Injection
Published
2023-11-21
Title
Login Lockdown < 2.07 - Administrator+ SQL Injection
Published
2025-07-09
Title
Events Manager < 7.0.4 - Unauthenticated SQL Injection via `orderby` Parameter
Published
2020-11-20
Title
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections