Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Unauthenticated network SQLi (AV:N/AC:L/PR:N/UI:N) reads arbitrary DB data (C:H) but does not write or disrupt (I:N/A:N); DB is within the app's authority so S:U.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes.
Articles & Coverage 1
AnalysisAI
UNION-based SQL injection in the Quotes Llama WordPress plugin (all versions before 3.1.6) lets unauthenticated remote attackers inject arbitrary SQL through an unsanitized request parameter and read any data from the WordPress database, including user password hashes. Publicly available exploit code exists and a vendor patch has been released; the flaw carries a high EPSS-relevant profile because it is remotely reachable with no authentication or user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of the Quotes Llama WordPress plugin (versions before 3.1.6), because the CVSS vector is AV:N/AC:L/PR:N/UI:N with no authentication or user interaction required. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitability with no privileges or user interaction, and the impact is scoped to confidentiality (C:H, I:N, A:N) - reading data, not modifying it. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a single crafted HTTP request to a WordPress site running Quotes Llama below 3.1.6, injecting a UNION-based payload into the vulnerable parameter. The response returns data from an appended SELECT, allowing the attacker to dump the wp_users table and harvest usernames and password hashes for offline cracking. … |
| Remediation | Vendor-released patch: update the Quotes Llama plugin to version 3.1.6 or later, which is the primary and complete fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all WordPress installations and identify those running the Quotes Llama plugin via admin dashboard or automated scanning tools. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Quotes Llama
View allSame weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44595
GHSA-ggv5-9w8q-wh8j