CVE-2019-12516

EUVD-2019-4111
The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
slickquiz_projectslickquiz
𝑥
≤ 1.3.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/154440/WordPress-SlickQuiz-1.3.7.1-SQL-Injection.html
https://wordpress.org/plugins/slickquiz/#developers
http://packetstormsecurity.com/files/154440/WordPress-SlickQuiz-1.3.7.1-SQL-Injection.html
https://wordpress.org/plugins/slickquiz/#developers