Lucene search
K

4 matches found

CNVD
CNVD
added 2021/11/10 12:0 a.m.26 views

WordPress Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-92549)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

4.3CVSS3.4AI score0.00435EPSS
Exploits2References1
NVD
NVD
added 2021/11/08 6:15 p.m.10 views

CVE-2021-24801

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site...

4.3CVSS0.00435EPSS
Exploits2References1
Prion
Prion
added 2021/11/08 6:15 p.m.17 views

Cross site scripting

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site...

4.3CVSS4.5AI score0.00435EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/11/08 5:35 p.m.45 views

CVE-2021-24801

The CVE CVE-2021-24801 affects the WordPress plugin WP Survey Plus up to version 1.0 . The vulnerability arises from missing authorization checks and absent CSRF protections in the plugin’s AJAX actions, allowing any user to call the actions to add/edit/delete surveys . Additionally, inadequate s...

4.3CVSS4.4AI score0.00435EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder