WordPress Plugin Vulnerabilities

WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls

Description

The plugin does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues

Proof of Concept

Affects Plugins

Plugin icon
wp-survey-plus
No known fix

References

CVE
CVE-2021-24801

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Vishal Mohan
Submitter
Vishal Mohan
Submitter twitter
Vishal12MI
Verified
Yes
WPVDB ID
78405609-2105-4011-b18e-1ba5f438972d

Timeline

Publicly Published
2021-10-05 (about 4 years ago)
Added
2021-10-05 (about 4 years ago)
Last Updated
2022-04-15 (about 3 years ago)

Other

Published
Title
Published
2020-09-22
Title
Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content
Published
2024-06-05
Title
The Moneytizer < 10.0.1 - Cross-Site Request Forgery via multiple AJAX actions
Published
2021-10-04
Title
Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
Published
2023-12-22
Title
easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update
Published
2024-12-04
Title
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins < 2.0.59 - Sensitive Information Exposure