Arbitrary SQL Command Execution in Kiboko Chained Quiz Plugin for WordPress
CVE-2018-14502 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
Learn more about our Wordpress Pen Testing.