The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above.
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-07-02T06:00:03.377Z
Updated: 2024-08-01T21:18:06.591Z
Reserved: 2024-06-03T19:18:38.689Z
Link: CVE-2024-5606
Vulnrichment
Updated: 2024-08-01T21:18:06.591Z
NVD
Status: Modified
Published: 2024-07-02T06:15:04.760
Modified: 2024-11-21T09:48:00.483
Link: CVE-2024-5606
Redhat
No data.