VYPR
High severity (8.2) · NVD Advisory · Published May 10, 2026 · Updated May 12, 2026

CVE-2021-47941

Description

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database information including usernames, passwords, and other confidential data from the WordPress database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated SQL injection in the Survey & Poll plugin 1.5.7.3 allows attackers to execute queries via the wp_sap cookie, exposing user credentials and database contents.

Vulnerability

The WordPress plugin Survey & Poll version 1.5.7.3 suffers from a SQL injection vulnerability. The flaw resides in how the plugin processes the wp_sap cookie parameter, specifically within the sss_params variable [1][2]. The application does not properly sanitize or validate this cookie input before constructing SQL queries, allowing an attacker to inject arbitrary SQL commands. This is a classic case of unvalidated data being passed directly into a database query.

Exploitation

An unauthenticated attacker can exploit this vulnerability by crafting a malicious HTTP request that includes a specially crafted wp_sap cookie. The attacker can inject SQL payloads into this cookie parameter without needing any prior authentication or special privileges [1][2]. The exploit requires network access to a target site running the vulnerable plugin, but no other user interaction or elevated permissions are necessary.

Impact

Successful exploitation enables an attacker to execute arbitrary SQL queries on the underlying database. This can lead to extraction of sensitive information, including usernames, passwords (stored as hashes), and other confidential data held in the WordPress database [1][2]. The attacker may also be able to modify or delete data in other tables, compromising the integrity and confidentiality of the entire site's data.

Mitigation

At the time of analysis, the vendor had not released a patched version; the plugin may be end-of-life or no longer maintained. The most robust mitigation is to disable or completely remove the plugin wherever it is installed. Users should also watch for any official updates and apply compensating controls such as Web Application Firewall (WAF) rules that block SQL injection attempts.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
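The WAF-style screening the Mitigation section refers to, as an added example that is not code from the Survey & Poll plugin, from VYPR, or from the cited references: it parses constructed request records, extracts the wp_sap cookie after percent-decoding it (an attacker's payload rarely arrives in plain text), and reports values that match SQL injection indicators. The record format, the IP addresses and the cookie values are all constructed for the example, and the indicator list is a heuristic that will also fire on legitimate values containing quotes or SQL keywords, so treat hits as alerts to review rather than automatic blocks.

```python
"""WAF-style screening of the wp_sap cookie for SQL injection indicators.

Added example for this advisory; it is not code from the Survey & Poll
plugin or from VYPR. The request records, IP addresses and cookie values
below are constructed for the example.
"""
import re
from urllib.parse import unquote

# Indicators a WAF rule would look for in a cookie value. Each entry is
# (name, regex). The list is a heuristic: quotes and comment markers also
# occur in legitimate data, so hits are alerts to review, not proof.
SQLI_INDICATORS = [
    ("quote", re.compile(r"['\"]")),
    ("comment", re.compile(r"(--|#|/\*)")),
    ("boolean_tautology", re.compile(r"\b(or|and)\b\s+\S+\s*=\s*\S+", re.I)),
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("stacked_query", re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
    ("time_based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
]

# Constructed request records: '<client_ip> <method> <path> "<Cookie header>"'.
# This is not a real web-server log format; adapt LOG_RE to the one you have.
SAMPLE_LOG = """\
203.0.113.5 GET /?page_id=2 "wp_sap=12; wordpress_test_cookie=WP+Cookie+check"
203.0.113.6 GET /?page_id=2 "wp_sap=12'%20OR%201%3D1--%20; PHPSESSID=x"
203.0.113.7 GET /?page_id=2 "PHPSESSID=y"
203.0.113.8 GET /?page_id=2 "wp_sap=1%20UNION%20SELECT%201%2C2%2C3"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) "(?P<cookie>[^"]*)"$')


def parse_cookie_header(header: str) -> dict:
    """Split a raw Cookie header into {name: percent-decoded value}.

    http.cookies.SimpleCookie silently drops morsels containing characters
    it considers illegal, which is exactly the hostile input we want to
    inspect, so the header is split by hand instead.
    """
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue  # attribute without a value; nothing to inspect
        name, _, value = part.partition("=")
        cookies[name.strip()] = unquote(value.strip())
    return cookies


def sqli_indicators(value: str) -> list:
    """Return the names of every indicator that matches the decoded value."""
    return [name for name, rx in SQLI_INDICATORS if rx.search(value)]


def scan_log(text: str) -> list:
    """Scan request records and report each wp_sap cookie that trips an indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed record; a production scanner would count these
        value = parse_cookie_header(m.group("cookie")).get("wp_sap")
        if value is None:
            continue  # request does not carry the vulnerable cookie
        hits = sqli_indicators(value)
        if hits:
            findings.append({"line": lineno, "ip": m.group("ip"),
                             "wp_sap": value, "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} wp_sap={f['wp_sap']!r} "
              f"-> {', '.join(f['indicators'])}")
```

Decoding before matching is the part that matters: a rule that inspects the raw header sees `%27` and `%20` rather than a quote and a space, and misses the tautology entirely. If the legitimate format of wp_sap is known for a given deployment, a positive allowlist on that format (for example, digits only) is a stronger control than this denylist and should be layered in front of it.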

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)