The Quasar form plugin for WordPress has a security issue in versions up to 6.1. If someone with subscriber-level access or higher uses the plugin, they can add additional SQL queries which can be used to access sensitive information from the database. This happens because the plugin doesn’t escape the user supplied parameter and doesn’t prepare the existing SQL query properly.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
