Medium severity4.3NVD Advisory· Published Nov 8, 2021· Updated Jun 17, 2026
CVE-2021-24801
CVE-2021-24801
Description
The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Survey Plus WordPress plugindescription
- Range: <=1.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.