Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:0 p.m.7 views

CVE-2021-24764

The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...

6.1CVSS6.2AI score0.008EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.21 views

WordPress Perfect Survey plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress Perfect Survey plugin in version 1.5.2 and prior versions suffers from a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...

6.1CVSS1.8AI score0.01405EPSS
Exploits2References1
OSV
OSV
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24762

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...

9.8CVSS7.3AI score0.86896EPSS
Exploits7References2
OSV
OSV
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24764

The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...

6.1CVSS5.8AI score0.008EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.3 views

WordPress plugin 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Perfect Survey plugin in versions prior to 1.5.2 has a cross-site request forgery vulnerability, which stems from the absence of CSRF in the saveglobalsetting AJAX action check, an...

8.8CVSS5.5AI score0.00644EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.4 views

WordPress plugin 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress Perfect Survey plugin in version 1.5.2 and prior versions suffers from a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...

6.1CVSS5.4AI score0.01405EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/10/05 12:0 a.m.19 views

WordPress Perfect Survey plugin <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Perfect Survey plugin versions = 1.5.2. Solution Deactivate and delete. This plugin has been closed as of October 5, 2021 and is not available for download. Reason: Security Issue...

6.1CVSS3AI score0.01405EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder