SQL Injection in WordPress Survey and Poll Plugin by WordPress
CVE-2015-2090

Currently unrated

Key Information:

Vendor

Wordpress
Status
WordPress Survey And Poll
Vendor
CVE Published:
26 February 2015

What is CVE-2015-2090?

A SQL injection flaw exists in the ajax_survey function within the settings.php file of the WordPress Survey and Poll plugin version 1.1.7. This vulnerability enables attackers to inject and execute arbitrary SQL commands through the survey_id parameter during an ajax_survey action, affecting the wp-admin/admin-ajax.php endpoint. By exploiting this weakness, a remote attacker could manipulate the database, leading to potential data breach and compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://osvdb.org/show/osvdb/118218
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/74890
vdb-entryx_refsource_BID
https://wordpress.org/plugins/wp-survey-and-poll/changelog/
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.