Arbitrary SQL Command Execution in Kiboko Chained Quiz Plugin for WordPress

CVE-2018-14502 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
