SQL Injection in WordPress Survey and Poll Plugin by WordPress
CVE-2015-2090

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress Survey And Poll
Vendor: CVE Published:; 26 February 2015

Summary

A SQL injection flaw exists in the ajax_survey function within the settings.php file of the WordPress Survey and Poll plugin version 1.1.7. This vulnerability enables attackers to inject and execute arbitrary SQL commands through the survey_id parameter during an ajax_survey action, affecting the wp-admin/admin-ajax.php endpoint. By exploiting this weakness, a remote attacker could manipulate the database, leading to potential data breach and compromise.

References

http://osvdb.org/show/osvdb/118218

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/74890

vdb-entryx_refsource_BID

https://wordpress.org/plugins/wp-survey-and-poll/changelog/

x_refsource_MISC

Timeline

Vulnerability published
Feb 26, 2015
Vulnerability Reserved
Feb 26, 2015