Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls
Vulnerability Description
The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Wordpress plugin WP Survey Plus 跨站脚本漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 Wordpress Plugin WP Survey Plus 中存在跨站脚本漏洞,该漏洞源于产品的Ajax操作缺少用户权限验证。攻击者可通过该漏洞以任意权限添加、编辑、删除数据。以下产品及版本受到影响:Wordpress Plugin WP Survey P
CVSS Information
N/A
Vulnerability Type
N/A