WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls

2021-10-05T00:00:00
ID WPVDB-ID:78405609-2105-4011-B18E-1BA5F438972D
Type wpvulndb
Reporter Vishal Mohan
Modified 2021-10-05T14:15:26

Description

The plugin does not have any authorisation or CSRF checks in place in its AJAX actions, allowing any user (Subscriber and above) to call them and add, edit or delete Surveys. Furthermore, due to the lack of sanitization of the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues.
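A hardened handler pattern covering the three gaps described above (authorisation, CSRF, Title sanitization), as an added example that is not the plugin's code or its patch. The action names, nonce action, table name and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical names: actions "example_survey_save"/"example_survey_delete",
// nonce action "example_survey_nonce", table "{prefix}example_surveys".
// wp_ajax_* fires for ANY logged-in user, so the hook alone is not an access check.
add_action( 'wp_ajax_example_survey_save', 'example_survey_save' );
add_action( 'wp_ajax_example_survey_delete', 'example_survey_delete' );

function example_survey_guard() {
    // CSRF: ends the request with 403 unless "_ajax_nonce" or "_wpnonce" carries a
    // valid nonce, issued on the admin page with wp_create_nonce( 'example_survey_nonce' ).
    check_ajax_referer( 'example_survey_nonce' );
    // Authorisation: assumed admin-only; a Subscriber fails this check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}

function example_survey_save() {
    global $wpdb;
    example_survey_guard();
    // Strip tags and control characters from the Title before it is stored.
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    if ( '' === $title ) {
        wp_send_json_error( array( 'message' => 'Title required' ), 400 );
    }
    $wpdb->insert( $wpdb->prefix . 'example_surveys', array( 'title' => $title ), array( '%s' ) );
    wp_send_json_success( array( 'id' => (int) $wpdb->insert_id ) );
}

function example_survey_delete() {
    global $wpdb;
    example_survey_guard();
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( array( 'message' => 'Invalid id' ), 400 );
    }
    $wpdb->delete( $wpdb->prefix . 'example_surveys', array( 'id' => $id ), array( '%d' ) );
    wp_send_json_success();
}

// Escape on output as well, so rows stored before the fix cannot execute script.
function example_survey_render_title( $title ) {
    return '<h2>' . esc_html( $title ) . '</h2>';
}
```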

PoC

To create a survey with an XSS payload in the Title

To delete a survey: <