WordPress Plugin Vulnerabilities

Surveys 1.01.8 - Authenticated SQL Injection

Description

The surveys WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
surveys
No known fix

References

CVE
CVE-2017-1002020
CVE
CVE-2017-1002021
CVE
CVE-2017-1002022
URL
http://www.vapidlabs.com/advisory.php?v=193
URL
https://www.openwall.com/lists/oss-security/2017/05/30/4

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
14f1b690-5e20-4d05-9ccc-55a543a2eb3e

Timeline

Publicly Published
2017-05-21 (about 6 years ago)
Added
2017-05-26 (about 6 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2023-02-16
Title
Media Library Assistant < 3.06 - Admin+ SQLi
Published
2014-09-19
Title
Gallery Objects <= 0.4 - SQL Injection
Published
2023-06-19
Title
All In One Redirection < 2.2.0 - Admin+ SQLi
Published
2024-05-01
Title
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting < 1.13.2 - Authenticated (AccountingManager+) SQL Injection
Published
2022-01-06
Title
WordPress < 5.8.3 - SQL Injection via WP_Query