CVE-2014-5185

Quartz Plugin - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.

Exploits (1)

github WORKING POC 3 stars

by certuscyber · pythonpoc

https://github.com/certuscyber/cve-pocs/tree/main/CVE-2014-5185

View Code ZIP pw:eip

References (1)

[Exploit] http://codevigilant.com/disclosure/wp-plugin-quartz-a1-injection

Scores

EPSS 0.0355

EPSS Percentile 87.7%

Details

CWE

CWE-89

Status published

Products (1)

quartz_plugin_project/quartz_plugin 1.01.1

Published Aug 06, 2014

Tracked Since Feb 18, 2026