CVE-2021-24762
- EPSS 85.68%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:42
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
CVE-2021-24763
- EPSS 0.54%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:43
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escapin...
CVE-2021-24764
- EPSS 0.21%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:43
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the adm...
CVE-2021-24765
- EPSS 3.23%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:43
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripti...