漏洞描述
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。WordPress Perfect Surveyplugin在1.5.2之前版本存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
WordPress插件Perfect Survey低于1.5.2版本存在SQL注入漏洞(CVE-2021-24762)
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-15081: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
- POC CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection
- POC CVE-2021-21246: OneDev < 4.0.3 - User Access Token Leak
- POC CVE-2021-22881: Ruby on Rails - Open Redirect via Host Header Injection
- POC CVE-2022-0188: CMP WordPress < 4.0.19 - Broken Access Control
- POC CVE-2022-41697: Ghost CMS - User Enumeration
- POC CVE-2022-4223: pgAdmin < 6.17 - Unauthenticated Remote Code Execution
- POC CVE-2025-11580: PowerJob List - Authorization Bypass
- POC CVE-2025-13418: Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
- POC CVE-2025-27817: Apache Kafka Client - Arbitrary File Read
- POC CVE-2025-56520: Dify v1.6.0 - Server-Side Request Forgery
- POC CVE-2025-66516: Apache Tika - XML External Entity Injection
- POC CVE-2025-8110: Gogs <= 0.13.3 - Remote Code Execution