cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-24765,https://securityvulnerability.io/vulnerability/CVE-2021-24765,Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting,"The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue",Wordpress,Perfect Survey,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-02-01T12:21:25.000Z,0
CVE-2021-24764,https://securityvulnerability.io/vulnerability/CVE-2021-24764,Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting,"The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues",Wordpress,Perfect Survey,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-02-01T12:21:24.000Z,0
CVE-2021-24762,https://securityvulnerability.io/vulnerability/CVE-2021-24762,Perfect Survey < 1.5.2 - Unauthenticated SQL Injection,"The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.",Wordpress,Perfect Survey,9.8,CRITICAL,0.9687700271606445,false,,false,false,false,,,false,false,,2022-02-01T12:21:23.000Z,0
CVE-2021-24763,https://securityvulnerability.io/vulnerability/CVE-2021-24763,Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update,"The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey",Wordpress,Perfect Survey,8.8,HIGH,0.001879999996162951,false,,false,false,false,,,false,false,,2022-02-01T12:21:23.000Z,0