CVE-2021-24762

Perfect Survey < 1.5.2 - Unauthenticated SQL Injection

EPSS 86.9% · CWE-89
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
Affected products
Unknown · Perfect Survey
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
