CVE-2021-24456

HIGH

Quiz Maker WordPress plugin < 6.2.0.9 - Authenticated SQL Injection via Order and Orderby Parameters

Title source: llm
STIX 2.1

Description

The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard

References (1)

Core 1
Core References

Scores

CVSS v3 7.2
EPSS 0.0129
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
ays-pro/quiz_maker < 6.2.0.9
Published Aug 02, 2021
Tracked Since Feb 18, 2026