Lucene search

CVE-2021-24221

🗓️ 12 Apr 2021 14:15:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 25 Views🌐 WEB

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 allows SQL injection via result_id GET parameter

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Prion	Sql injection	12 Apr 202114:15	–	prion
WPVulnDB	Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode	26 Mar 202100:00	–	wpvulndb
NVD	CVE-2021-24221	12 Apr 202114:15	–	nvd
Cvelist	CVE-2021-24221 Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode	12 Apr 202114:03	–	cvelist
CNVD	WordPress plugin SQL injection vulnerability (CNVD-2021-34528)	14 Apr 202100:00	–	cnvd
wpexploit	Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode	26 Mar 202100:00	–	wpexploit

Nvd

Vulners

Node

expresstech quiz_and_survey_masterRange<7.1.12wordpress

[
  {
    "product": "Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "7.1.12",
        "status": "affected",
        "version": "7.1.12",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab
plugins	www.plugins.trac.wordpress.org/changeset/2479603/

Parameter	Position	Path	Description	CWE
result_id	query param	/?result_id=0	SQL injection vulnerability due to unsanitized result_id GET parameter in [qsm_result] shortcode.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Apr 2021 14:15Current

9.2High risk

Vulners AI Score9.2

CVSS26.5

CVSS38.8

EPSS0.02655

CWE-89