CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24801

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.4%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.3

References

https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d
https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d

Products affected by CVE-2021-24801

Wp Survey Plus Project » Wp Survey Plus » Version: N/A

cpe:2.3:a:wp_survey_plus_project:wp_survey_plus:-
Wp Survey Plus Project » Wp Survey Plus » Version: 1.0

cpe:2.3:a:wp_survey_plus_project:wp_survey_plus:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24801

Products

Pricing

Contact Us