WordPress Plugin Vulnerabilities

WordPress Survey & Poll < 1.1.91 - Blind SQL Injection

Description

The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress WordPress plugin was affected by a Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-survey-and-poll
Fixed in 1.1.91

References

CVE
CVE-2015-2090
Exploitdb
36054
URL
https://packetstormsecurity.com/files/#130381/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
629f04d8-a8ef-40b2-aeb0-ac54db832a4c

Timeline

Publicly Published
2015-02-12 (about 11 years ago)
Added
2015-02-12 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-05-14
Title
File Provider <= 1.2.3 - Unauthenticated SQLi
Published
2025-01-22
Title
Tainacan < 0.21.13 - Authenticated (Subscriber+) SQL Injection
Published
2024-12-05
Title
KiviCare – Clinic & Patient Management System (EHR) < 3.6.5 - Authenticated (Subscriber+) SQL Injection
Published
2015-07-19
Title
WR ContactForm <= 1.1.9 - Authenticated SQL Injection
Published
2021-07-20
Title
Giveaway <= 1.2.2 - Authenticated SQL Injection