Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to