The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d - Exploit, Third Party Advisory |
30 Jul 2022, 12:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
10 Nov 2021, 15:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-08 18:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24801
Mitre link : CVE-2021-24801
CVE.ORG link : CVE-2021-24801
JSON object : View
Products Affected
wp_survey_plus_project
- wp_survey_plus