CVE-2018-14502: 
WordPress vulnerability analysis and mitigation

The Kiboko Chained Quiz plugin before version 1.0.9 for WordPress contains a critical SQL injection vulnerability (CVE-2018-14502). This vulnerability allows remote unauthenticated users to execute arbitrary SQL commands through the 'answer' and 'answers' parameters in the controllers/quizzes.php file (NVD).

The vulnerability is classified as a SQL injection with a CVSS v3.1 Base Score of 9.8 (CRITICAL), indicating its severe nature. The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), and requires no user interaction (UI:N). The scope is unchanged (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD, WPScan).

The vulnerability allows unauthenticated attackers to execute arbitrary SQL commands against the WordPress database. This could lead to unauthorized access to sensitive data, manipulation of database contents, and potential compromise of the entire WordPress installation (NVD).

Users should immediately upgrade to Chained Quiz version 1.0.9 or later to remediate this vulnerability. The fix was implemented as part of the plugin's security updates (WordPress Plugin).