WordPress Plugin Vulnerabilities

Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API

Description

While confirming https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab, another SQLi issue was identified and reported. The qsm_rest_get_bank_questions() function in the php/rest-api.php file did not property sanitise and escape the category parameter before using it in SQL statements passed to the get_row() and get_results() DB calls, allowing users with the edit_post capability (author+) to perform SQL injections.

Other SQLi issues were also identified by the WordPress plugin team

Proof of Concept

Affects Plugins

Plugin icon
quiz-master-next
Fixed in 7.1.14

References

URL
https://plugins.trac.wordpress.org/changeset/2503364/quiz-master-next

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
ee90f784-f17b-4268-9443-8f29e58d2ee1

Timeline

Publicly Published
2021-03-26 (about 4 years ago)
Added
2021-03-26 (about 4 years ago)
Last Updated
2021-03-26 (about 4 years ago)

Other

Published
Title
Published
2022-02-18
Title
Zero Spam < 5.2.11 - Admin+ SQL Injection
Published
2021-01-18
Title
301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection
Published
2023-02-17
Title
WP Coder < 2.5.4 - Admin+ SQLi
Published
2022-01-04
Title
Futurio Extra < 1.6.3 - Authenticated SQL Injection
Published
2022-05-09
Title
Logo Slider <= 1.4.8 - Admin+ SQLi