WordPress Watu Quiz plugin <= 3.4.2 - SQL Injection vulnerability
CVE-2024-53792

8.5HIGH

Key Information:

Vendor: WordPress
Status: Watu Quiz
Vendor: CVE Published:; 2 December 2024

Summary

A vulnerability exists in Watu Quiz, developed by Kiboko Labs, which allows an attacker to perform SQL Injection due to improper neutralization of special elements in an SQL command. This security flaw can potentially lead to unauthorized access to the database, manipulation of queries, and exposure of sensitive information. Affected versions include all prior to and including 3.4.2, necessitating immediate attention and remediation to safeguard against potential data breaches.

Affected Version(s)

Watu Quiz <= 3.4.2

References

https://patchstack.com/database/wordpress/plugin/watu/vul...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)