Headline
CVE-2021-36898: WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability - Patchstack
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Verified
Fixed
9.1
CVSS 3.1 score Critical severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 7.3.4
PSID
481aa95e019b
Classification
SQL Injection
OWASP Top 10
A1: Injection
Required privilege
Requires high role user authentication.
Publicly disclosed
2022-10-21
Details
Auth. SQL Injection (SQLi) vulnerability discovered by Vlad Vector (Patchstack) in WordPress Quiz And Survey Master plugin (versions <= 7.3.4).
Solution
Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.5).
References