Vulnerabilities > Getperfectsurvey
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-01 | CVE-2021-24762 | SQL Injection vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. | 7.5 |
| 2022-02-01 | CVE-2021-24763 | Cross-Site Request Forgery (CSRF) vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. | 6.8 |
| 2022-02-01 | CVE-2021-24764 | Cross-site Scripting vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues | 4.3 |
| 2022-02-01 | CVE-2021-24765 | Cross-site Scripting vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue | 4.3 |