QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24801

Published: Nov 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues

Vendor	Product	Versions
Unknown	WP Survey Plus	affected `1.0 - <= 1.0`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.