Authenticated SQL Injection in Survey Maker Plugin by WordPress
CVE-2023-23490

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Survey Maker WordPress Plugin
Vendor: CVE Published:; 20 January 2023

What is CVE-2023-23490?

The Survey Maker Plugin for WordPress prior to version 3.1.2 is susceptible to an SQL injection vulnerability in the 'surveys_ids' parameter of the 'ays_surveys_export_json' action. This flaw allows authenticated users to manipulate SQL queries, potentially leading to unauthorized data access and exposure of sensitive information.

Affected Version(s)

Survey Maker WordPress Plugin < 3.1.2

References

https://www.tenable.com/security/research/tra-2023-2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Jan 12, 2023

Wordpress

What is CVE-2023-23490?

Affected Version(s)

References

CVSS V3.1

Timeline