WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wire_plastic_design | wpquiz | 2.60b3 |
| wire_plastic_design | wpquiz | 2.60b5 |
| wire_plastic_design | wpquiz | 2.60b6 |
| wire_plastic_design | wpquiz | 2.60b1 |
| wire_plastic_design | wpquiz | 2.60b2 |
| wire_plastic_design | wpquiz | 2.60b8 |
| wire_plastic_design | wpquiz | 2.60b4 |
| wire_plastic_design | wpquiz | 2.60b7 |
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wire_plastic_design | wpquiz | 2.7 |