CVE-2025-10042
📋 TL;DR
The Quiz Maker WordPress plugin is vulnerable to SQL injection via spoofed IP headers in versions up to 6.7.0.56. Unauthenticated attackers can exploit this to extract sensitive database information when the server uses user-supplied IP fields like X-Forwarded-For and IP-based user limits are enabled. This affects WordPress sites using vulnerable plugin versions with specific server configurations.
💻 Affected Systems
- Quiz Maker WordPress Plugin
📦 What is this software?
Quiz Maker by Ays Pro
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of user credentials, personal data, and administrative access leading to site takeover.
Likely Case
Extraction of sensitive quiz data, user information, and potentially WordPress user credentials from the database.
If Mitigated
No impact if proper input validation and prepared statements are implemented, or if vulnerable configurations are disabled.
🎯 Exploit Status
Exploitation requires specific server configuration and understanding of SQL injection techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.7.0.57 and later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.57
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Quiz Maker plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 6.7.0.57+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable IP-based user limits
Turn off the plugin feature that uses IP addresses to limit user access
Configure server to use trusted IP sources
Ensure the server only uses reliable IP sources (not user-supplied headers like X-Forwarded-For)
🧯 If You Can't Patch
- Disable the Quiz Maker plugin entirely until patched
- Implement web application firewall (WAF) rules to block SQL injection attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Quiz Maker for version number. If version is 6.7.0.56 or lower, you are vulnerable.
Check Version:
wp plugin list --name=quiz-maker --field=version
Verify Fix Applied:
After updating, verify plugin version shows 6.7.0.57 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts from same IP with varied X-Forwarded-For headers
- Unexpected database access patterns
Network Indicators:
- HTTP requests with SQL injection payloads in X-Forwarded-For headers
- Unusual traffic to quiz-related endpoints
SIEM Query:
source="web_logs" AND (uri="*quiz-maker*" OR uri="*wp-content/plugins/quiz-maker*") AND (http_header="*X-Forwarded-For*" AND (http_header="*UNION*" OR http_header="*SELECT*" OR http_header="*INSERT*" OR http_header="*DELETE*"))
🔗 References
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.52/public/class-quiz-maker-public.php
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.52/public/class-quiz-maker-public.php#L7145
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.7.0.57/public/class-quiz-maker-public.php#L7149
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4eeae6dd-a41f-4878-aa92-064ec78367d7?source=cve