CVE-2024-53792: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability was identified in Kiboko Labs' Watu Quiz WordPress plugin, tracked as CVE-2024-53792. The vulnerability affects versions up to 3.4.1.2 and was discovered by researcher Trương Hữu Phúc. The issue was reported on July 23, 2024, and publicly disclosed on November 29, 2024 (Patchstack).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and has received a CVSS v3.1 base score of 8.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. The vulnerability requires Contributor or higher privileges to exploit (Patchstack).

This SQL injection vulnerability could allow a malicious actor with contributor-level access to directly interact with the database, potentially leading to unauthorized data access and information theft. The high CVSS score indicates significant potential impact, particularly in terms of data confidentiality (Patchstack).

The vulnerability has been patched in version 3.4.1.3 of the Watu Quiz plugin. Users are advised to update to this version or later to remediate the security issue. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).