CVE-2025-6739

Name of the Vulnerable Software and Affected Versions: WPQuiz plugin for WordPress versions up to, and including, 0.4.2

Description: The issue allows authenticated attackers with Contributor-level access and above to perform SQL Injection via the id attribute of the wpquiz shortcode. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible to extract sensitive information from the database.

Recommendations: For WPQuiz plugin for WordPress versions up to, and including, 0.4.2, update to a version that addresses the SQL Injection issue, as the current version allows for the exploitation of sensitive database information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.