CVE-2024-10628

Name of the Vulnerable Software and Affected Versions The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 31.8.0 and earlier (Agency)

Description The issue is related to SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Recommendations The Quiz Maker Business plugin for WordPress version 8.8.0 and earlier should update to a version later than 8.8.0 to resolve the issue. The Quiz Maker Developer plugin for WordPress version 21.8.0 and earlier should update to a version later than 21.8.0 to resolve the issue. The Quiz Maker Agency plugin for WordPress version 31.8.0 and earlier should update to a version later than 31.8.0 to resolve the issue.