CVE-2025-46242: 
WordPress vulnerability analysis and mitigation

The CVE-2025-46242 is a SQL Injection vulnerability affecting Bob Watu Quiz plugin versions through 3.4.3. The vulnerability was discovered and disclosed on April 22, 2025, allowing attackers to perform SQL injection attacks against affected WordPress installations (NVD, Patchstack).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). According to the CVSS 3.1 scoring, it received a base score of 4.9 (MEDIUM) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, while Patchstack assessed it with a score of 7.6 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L (NVD).

The vulnerability could allow an attacker to directly interact with the database, potentially leading to unauthorized access to sensitive information. The CVSS scoring indicates high confidentiality impact with potential for limited availability impact (Patchstack).

The vulnerability has been fixed in version 3.4.4 of the Watu Quiz plugin. Users are advised to update to this version or later to remove the vulnerability. The issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).