Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbApple502jWPVDB-ID:C73C7694-1CEE-4F26-A425-9C336ADCE52B
HistoryOct 05, 2021 - 12:00 a.m.

Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update

2021-10-0500:00:00
apple502j
wpscan.com
11
plugin vulnerability
unauthorised access
stored xss

EPSS

0.001

Percentile

47.1%

JSON

The plugin does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey

PoC

jQuery.post(“https://example.com/wp-admin/admin-ajax.php?action=save_global_setting”,{ ps_global_options:{ps_options_custom_css:"body{background-color:blue !important;}alert(/XSS/)

Related

cvelist 1
cnvd 1
wpexploit 1
nvd 1
prion 1
patchstack 1
cve 1
cvelist
cvelist
CVE-2021-24763 Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update
2022-02-01 12:21:23
cnvd
cnvd
WordPress Perfect Survey plugin cross-site request forgery vulnerability
2022-02-10 00:00:00
wpexploit
wpexploit
Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update
2021-10-05 00:00:00
nvd
nvd
CVE-2021-24763
2022-02-01 13:15:08
prion
prion
Cross site scripting
2022-02-01 13:15:00
patchstack
patchstack
WordPress Perfect Survey plugin <= 1.5.0 - Unauthorized AJAX Call to Stored XSS / Survey Settings Update vulnerability
2021-10-05 00:00:00
cve
cve
CVE-2021-24763
2022-02-01 13:15:08

EPSS

0.001

Percentile

47.1%

JSON
Related for WPVDB-ID:C73C7694-1CEE-4F26-A425-9C336ADCE52B
cvelist1cnvd1wpexploit1nvd1prion1patchstack1cve1