SQL Injection Vulnerability in mTouch Quiz Plugin for WordPress
CVE-2014-100022

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mtouch Quiz
Vendor: CVE Published:; 13 January 2015

Summary

The mTouch Quiz plugin for WordPress is susceptible to an SQL injection vulnerability that enables remote attackers to execute arbitrary SQL commands. This vulnerability is specifically present in the question.php file, impacting versions prior to 3.0.7. By manipulating the quiz parameter in requests to wp-admin/edit.php, an attacker could potentially gain unauthorized access to sensitive data or modify the underlying database. It is crucial for users of the mTouch Quiz plugin to update to the latest version to mitigate this risk.

References

http://secunia.com/advisories/57491

third-party-advisoryx_refsource_SECUNIA

https://wordpress.org/plugins/mtouch-quiz/changelog/

x_refsource_CONFIRM

https://security.dxw.com/advisories/admin-xss-and-sqli-in...

x_refsource_MISC

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015