CVE-2021-24762 Scanner
CVE-2021-24762 scanner - SQL Injection (SQLi) vulnerability in Perfect Survey Plugin for WordPress
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
URL
Toolbox
-
The Perfect Survey Plugin for WordPress is designed to allow website owners and managers to create and distribute surveys to their audience. This plugin is highly useful for gathering valuable feedback and opinions from website visitors. With the Perfect Survey Plugin, WordPress users can obtain detailed insights into their audience's interests, preferences, and behaviors, which can help inform the development and optimization of their online presence. The plugin offers a user-friendly interface to create and deploy surveys, and it supports a variety of question types, including multiple choice, rating, and open-ended questions.
However, despite its usefulness, the Perfect Survey Plugin was recently found to be vulnerable to a security flaw that could enable hackers to breach WordPress websites that utilize this plugin. This vulnerability, known as CVE-2021-24762, enables unauthenticated users to perform SQL injection attacks. Specifically, the plugin does not validate or escape the question_id GET parameter used in SQL statements in the get_question AJAX action. As a result, attackers can exploit this vulnerability to inject malicious code and gain unauthorized access to sensitive data, modify or delete database records, or execute other malicious actions on the affected website.
If this vulnerability is exploited, it can have serious consequences for the affected WordPress website. Depending on the attacker's motivations and goals, they may be able to obtain sensitive information, damage the website's reputation, deface the website, install malware, or take complete control of the website. In addition, such attacks can also cause significant financial and legal harm to the affected website owners and managers.
In conclusion, the recent vulnerability discovered in the Perfect Survey Plugin for WordPress underscores the importance of website security and vulnerability management. By implementing the necessary precautions and staying up to date on the latest threats and vulnerabilities, website owners and managers can protect their digital assets and reputation. For those seeking additional resources and support in securing their websites, s4e.io's pro features offer an effective and efficient way to identify and address vulnerabilities in WordPress plugins and other digital assets.
REFERENCES
