CVE-2024-13596

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 30, 2025

Updated: Jan 31, 2025

CWE ID 89

Summary

CVE-2024-13596 is a vulnerability affecting the WordPress Survey & Poll plugin for WordPress. This issue permits authenticated attackers with Contributor-level access and above to execute SQL Injections via the 'id' attribute of the 'survey' shortcode. The vulnerability stems from insufficient escaping of user-supplied data and a lack of proper query preparation. Consequently, attackers can append additional SQL queries to existing ones, potentially extracting sensitive data from the database. Versions up to and including 1.7.5 are susceptible to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2qu5eH
https://www.cve.org/CVERecord?id=CVE-2024-13596
https://nvd.nist.gov/vuln/detail/CVE-2024-13596

Back to Vulnerability Database

CVE-2024-13596

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations