The Perfect Survey WordPress plugin prior to 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
getperfectsurvey perfect survey |