CVE-2023-28787: Critical Unauthenticated SQL Injection Vulnerability Discovered in Popular WordPress Quiz And Survey Master Plugin
Quiz and Survey Master, a widely-used WordPress plugin with over 40,000 active installations, is now facing a critical security vulnerability. Known for its capability to create engaging content such as viral quizzes, trivia quizzes, and surveys, the plugin is an essential marketing tool for many websites. However, researcher Rafie Muhammad from Patchstack has discovered an unauthenticated SQL Injection vulnerability in the plugin, which could enable malicious actors to directly interact with a website’s database and potentially steal sensitive information. The vulnerability has been assigned the identifier CVE-2023-28787 and given a CVSS score of 9.3, making it a critical risk.
Vulnerable Versions and Patch
The vulnerability was first discovered in version 8.1.2 of the Quiz and Survey Master plugin. The developers have addressed the issue and released a fix in version 8.1.5. Users are strongly advised to update their plugin to this version to mitigate the risk of exploitation.
Technical Analysis
The vulnerable code exists in the load_questions function, which is responsible for displaying a list of questions in the plugin. The code first checks if the quiz settings have the randomness option enabled and constructs the $question_sql variable directly from $_COOKIE[ ‘question_ids_’.$quiz_id] if provided. Subsequently, the $question_sql variable is concatenated to the $order_by_sql variable.
Both the $question_sql and $order_by_sql variables are supplied to the $query variable using $wpdb->prepare as the first and third parameters. However, since the SQL Injection payload that resides in $question_sql and $order_by_sql is not formatted inside quotes, it is possible for an attacker to construct a quote-less payload, ultimately triggering the SQL Injection.
Impact and Mitigation
The exploitation of the CVE-2023-28787 vulnerability could allow a malicious actor to directly interact with a website’s database, potentially stealing sensitive information or causing other damage. Considering the high number of active installations, the impact of this vulnerability is significant.
To mitigate the risk, users should promptly update their Quiz and Survey Master plugin to version 8.1.5 or later. Website administrators and plugin users must remain vigilant and stay up-to-date with the latest security patches to ensure their site remains secure and their user data is protected from potential attacks exploiting this critical flaw.