CVE-2024-6028
📋 TL;DR
The Quiz Maker WordPress plugin contains a time-based SQL injection vulnerability in the 'ays_questions' parameter that allows unauthenticated attackers to execute arbitrary SQL queries. This can lead to extraction of sensitive database information like user credentials, quiz data, and other WordPress content. All WordPress sites using Quiz Maker versions up to 6.5.8.3 are affected.
💻 Affected Systems
- Quiz Maker WordPress Plugin
📦 What is this software?
Quiz Maker by Ays Pro
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including administrator credentials, sensitive user data, and potential privilege escalation leading to full site takeover.
Likely Case
Extraction of sensitive quiz data, user information, and potentially WordPress authentication credentials leading to unauthorized access.
If Mitigated
Limited impact with proper network segmentation, database permissions, and monitoring in place.
🎯 Exploit Status
Time-based SQL injection requires no authentication and can be automated with readily available tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5.8.4
Vendor Advisory: https://wordpress.org/plugins/quiz-maker/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Quiz Maker plugin
4. Click 'Update Now' if available
5. If no update appears, manually download version 6.5.8.4+ from WordPress.org
6. Deactivate old plugin, upload new version, activate
🔧 Temporary Workarounds
Disable Quiz Maker Plugin
Temporarily deactivate the vulnerable plugin until patched
wp plugin deactivate quiz-maker
Web Application Firewall Rule
Block requests containing suspicious SQL injection patterns targeting the ays_questions parameter
🧯 If You Can't Patch
- Implement strict network access controls to limit plugin exposure
- Enable database query logging and monitoring for suspicious SQL patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Quiz Maker version number. If version is 6.5.8.3 or lower, you are vulnerable.
Check Version:
wp plugin get quiz-maker --field=version
Verify Fix Applied:
Verify Quiz Maker plugin version is 6.5.8.4 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual database query patterns with time delays
- Multiple requests to quiz-maker endpoints with SQL-like parameters
- Database error logs showing malformed SQL
Network Indicators:
- HTTP requests containing 'ays_questions' parameter with SQL syntax
- Unusual timing patterns in responses from quiz endpoints
SIEM Query:
source="web_logs" AND uri="*quiz-maker*" AND (param="*ays_questions*" AND (value="*SLEEP*" OR value="*WAITFOR*" OR value="*BENCHMARK*"))
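The log indicators and SIEM query above, turned into a small detector run over constructed access-log lines. This is an added example, not code from the advisory or the plugin; it assumes Apache combined-format logs with the response time in microseconds (%D) appended as the last field, a hypothetical admin-ajax action name in the sample lines, and a 3-second slow-response threshold.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Delay functions named in the advisory's SIEM query, matched as whole words
# so ordinary answer text such as "fell asleep" is not flagged.
DELAY_FUNCS = re.compile(r"\b(SLEEP|BENCHMARK|WAITFOR)\b", re.IGNORECASE)

# Apache combined log line with %D (response time in microseconds) appended.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<micros>\d+)$'
)
SLOW_MS = 3000  # assumed threshold; a time-based probe holds the reply for seconds

# Constructed sample lines; "placeholder_action" is not the plugin's real action name.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jun/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=placeholder_action&ays_questions=12%2C13 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 120000',
    '198.51.100.9 - - [10/Jun/2024:12:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=placeholder_action&ays_questions=1+AND+SLEEP%285%29 HTTP/1.1" 200 512 "-" "curl/8.0" 5210000',
    '203.0.113.5 - - [10/Jun/2024:12:00:09 +0000] "GET /wp-content/plugins/quiz-maker/public/css/example.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 90000',
    '203.0.113.8 - - [10/Jun/2024:12:00:12 +0000] "POST /wp-admin/admin-ajax.php?action=placeholder_action&ays_questions=fell+asleep HTTP/1.1" 200 512 "-" "Mozilla/5.0" 110000',
]


def analyze_line(line):
    """Return a finding dict for a suspicious quiz-maker request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not in the expected format; skip rather than guess
    parts = urlsplit(m["uri"])
    params = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes
    if "quiz-maker" not in parts.path and "ays_questions" not in params:
        return None  # unrelated request
    reasons = []
    if DELAY_FUNCS.search(" ".join(params.get("ays_questions", []))):
        reasons.append("delay function in ays_questions")
    elapsed_ms = int(m["micros"]) / 1000
    if elapsed_ms >= SLOW_MS:
        reasons.append(f"slow response {elapsed_ms:.0f} ms")
    if not reasons:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "uri": m["uri"], "reasons": reasons}


def scan(lines):
    """Run analyze_line over every line and keep only the findings."""
    return [hit for hit in (analyze_line(l) for l in lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], "; ".join(hit["reasons"]))
```

Both reasons firing on the same request (a delay token and a multi-second response) is the stronger signal; a slow response alone may just be a busy server, so treat that reason on its own as low confidence.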
🔗 References
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L4904
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L6901
- https://plugins.trac.wordpress.org/changeset/3103402/quiz-maker/tags/6.5.8.2/public/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php
- https://plugins.trac.wordpress.org/changeset/3105555/quiz-maker/tags/6.5.8.4/public/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php
- https://wordpress.org/plugins/quiz-maker/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve