CVE-2015-2090

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress Survey And Poll
Vendor: CVE Published:; 26 February 2015

Summary

SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

References

http://osvdb.org/show/osvdb/118218

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/74890

vdb-entryx_refsource_BID

https://wordpress.org/plugins/wp-survey-and-poll/changelog/

x_refsource_MISC

Timeline

Vulnerability published
Feb 26, 2015
Vulnerability Reserved
Feb 26, 2015