CVE-2021-24442

Summary

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks

Affected Software

VendorProductVersion RangeStatus
wpdevartPoll, Survey, Questionnaire and Voting system1.5.3 < 1.5.3affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References