Key Vulnerability Information

CVE: CVE-2024-13596
CVSS Score: 6.5 (Medium)
Publicly Published: January 30, 2025
Last Updated: January 30, 2025
Researcher: Peter Thaleikis

Vulnerability Description: The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

Affected Version: <= 1.7.5
Patched: No
Remediation: No known patch available. It may be best to uninstall the affected software and find a replacement.

Recent Vulnerabilities in the Same Plugin:
1. CVE-2024-12528: Authenticated (Contributor+) Stored Cross-Site Scripting (CVSS: 6.4)
2. CVE-2015-2090: SQL Injection (CVSS: 9.8)