CVE-2021-24456: Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections
First published: Mon Aug 02 2021(Updated: )
The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Quiz Maker | <6.2.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24456?
CVE-2021-24456 is a vulnerability in the Quiz Maker WordPress plugin that allows SQL injection issues in the admin dashboard.
How severe is CVE-2021-24456?
CVE-2021-24456 has a severity level of 7.2 (high).
How does CVE-2021-24456 affect the Quiz Maker WordPress plugin?
CVE-2021-24456 affects Quiz Maker WordPress plugin versions up to and exclusive of 6.2.0.9.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2021-24456?
The Common Weakness Enumeration (CWE) ID associated with CVE-2021-24456 is CWE-89 (SQL Injection).
Is there a fix available for CVE-2021-24456?
Yes, upgrading to version 6.2.0.9 or later of the Quiz Maker WordPress plugin fixes the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/ays-pro
- canonical/ays-pro quiz maker