The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a | Exploit Third Party Advisory |
https://www.in-spired.xyz/wpdevart-polls-blind-sql-injection/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-07-12T19:21:04
Updated: 2021-07-12T19:21:04
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24442
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-12T20:15:09.777
Modified: 2021-07-15T15:35:07.540
Link: CVE-2021-24442
JSON object: View
Redhat Information
No data.
CWE