CVE-2021-24801

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp_survey_plus_project:wp_survey_plus:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:53

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d - Exploit, Third Party Advisory

30 Jul 2022, 12:11

Type Values Removed Values Added
CWE CWE-79

10 Nov 2021, 15:29

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-08 18:15

Updated : 2024-11-21 05:53


NVD link : CVE-2021-24801

Mitre link : CVE-2021-24801

CVE.ORG link : CVE-2021-24801


JSON object : View

Products Affected

wp_survey_plus_project

  • wp_survey_plus
CWE
CWE-284

Improper Access Control

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-352

Cross-Site Request Forgery (CSRF)