4 matches found
CVE-2024-13596
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of...
Automattic: No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
Summary: Hi team, If you write the right password on any password protected survey, you will see this request : F878934 This request is protected with rate limit, that's great. But if you look to response, you will see a cookie. The password protection feature is cookie-based system. In my survey...
CVE-2017-1002021
Vulnerability in wordpress plugin surveys v1.01.8, The code in individualresponses.php does not sanitize the surveyid variable before placing it inside of an SQL query...
Wordpress Plugin WordPress Survey and Poll SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WordPress Survey and Poll is one of the survey and poll plugin. A SQL injection vulnerability exists in the...