Security Vulnerabilities - CVEs Published In February 2022
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
CVSS Score
9.8
EPSS Score
0.857
Published
2022-02-01
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey
CVSS Score
8.8
EPSS Score
0.005
Published
2022-02-01
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-01
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.032
Published
2022-02-01
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-02-01
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. If the victim is an administrator with a valid session cookie, full control of the WordPress instance may be taken (AJAX calls and iframe manipulation are possible because the vulnerable endpoint is on the same domain as the admin panel - there is no same-origin restriction).
CVSS Score
9.6
EPSS Score
0.172
Published
2022-02-01
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-02-01
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.003
Published
2022-02-01
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection
CVSS Score
8.8
EPSS Score
0.009
Published
2022-02-01
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.098
Published
2022-02-01