Lucene search
HistoryJul 02, 2024 - 6:15 a.m.
CVE-2024-5606
wordpress
plugin
sql injection
security vulnerability
ajax action
contributor role
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.5%
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role
Affected configurations
Node
expresstechquiz_and_survey_masterRange<9.0.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| expresstech | quiz_and_survey_master | * | cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2024-5606 Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
2024-07-02 06:00:03
wpexploit
wpexploit
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
2024-06-10 00:00:00
vulnrichment
vulnrichment
CVE-2024-5606 Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
2024-07-02 06:00:03
osv
osv
CVE-2024-5606
2024-07-02 06:15:04
wpvulndb
wpvulndb
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
2024-06-10 00:00:00
cve
cve
CVE-2024-5606
2024-07-02 06:15:04
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.5%
Related for NVD:CVE-2024-5606