CVE-2014-5185

quartz_plugin 1.01.1 - Authenticated SQL Injection via Quote Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5185. PoCs published by certuscyber.

AI-analyzed exploit summary: The repository contains a functional Python-based PoC for CVE-2014-5185, a UNION-based SQL injection vulnerability in the WordPress Quartz plugin. The exploit authenticates to WordPress, then injects SQL payloads via the 'quote' parameter to extract database version information.

Description

SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.

Exploits (1)

GitHub · Working PoC · 3 stars
by certuscyber · python · poc
https://github.com/certuscyber/cve-pocs/tree/main/CVE-2014-5185

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Quartz plugin <= 1.01.1
Auth required
Prerequisites: WordPress installation with Quartz plugin <= 1.01.1 · Valid WordPress credentials (contributor role or higher)
devstral-2 · analyzed Feb 27, 2026

Scores

EPSS 0.0194
EPSS Percentile 77.5%

Details

CWE: CWE-89
Status: published
Products (1): quartz_plugin_project/quartz_plugin 1.01.1
Published: Aug 06, 2014
Tracked Since: Feb 18, 2026