CVE-2014-5185

Name of the Vulnerable Software and Affected Versions Quartz plugin version 1.01.1 for WordPress

Description The issue allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands. This is achieved by exploiting the quote parameter in an edit action in the quartz/quote form.php page to wp-admin/edit.php.

Recommendations For Quartz plugin version 1.01.1, avoid using the quote parameter in the edit action until a patch is available. As a temporary workaround, consider restricting access to the quartz/quote form.php page for users with Contributor privileges to minimize the risk of exploitation.