7 matches found
CVE-2021-24764
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...
WordPress Perfect Survey plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress Perfect Survey plugin in version 1.5.2 and prior versions suffers from a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...
CVE-2021-24762
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...
CVE-2021-24764
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...
WordPress plugin 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Perfect Survey plugin in versions prior to 1.5.2 has a cross-site request forgery vulnerability, which stems from the absence of CSRF in the saveglobalsetting AJAX action check, an...
WordPress plugin 跨站脚本漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress Perfect Survey plugin in version 1.5.2 and prior versions suffers from a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...
WordPress Perfect Survey plugin <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Perfect Survey plugin versions = 1.5.2. Solution Deactivate and delete. This plugin has been closed as of October 5, 2021 and is not available for download. Reason: Security Issue...