Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Getperfectsurvey Subscribe
Filtered by product Perfect Survey
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24762 1 Getperfectsurvey 1 Perfect Survey 2022-03-18 7.5 HIGH 9.8 CRITICAL
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
CVE-2021-24765 1 Getperfectsurvey 1 Perfect Survey 2022-02-04 4.3 MEDIUM 6.1 MEDIUM
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
CVE-2021-24764 1 Getperfectsurvey 1 Perfect Survey 2022-02-04 4.3 MEDIUM 6.1 MEDIUM
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues
CVE-2021-24763 1 Getperfectsurvey 1 Perfect Survey 2022-02-04 6.8 MEDIUM 8.8 HIGH
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey