VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 4 known issues Latest disclosed Oct 05, 2021

Perfect Survey Vulnerabilities

Review known vulnerability records for the WordPress plugin Perfect Survey (`perfect-survey`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2021-24765, CVE-2021-24762 and CVE-2021-24764, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
4
High or Critical
3
Patch Coverage
100%
Last Updated
Jan 22, 2024
Priority CVE Quick Links

Fast paths into Perfect Survey CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2021-24762 Critical 1.5.2
CVE-2021-24762 Perfect Survey SQL Injection

Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection

CVE-2021-24763 High No patch listed
CVE-2021-24763 Perfect Survey Stored Cross-Site Scripting

Perfect Survey <= 1.5.2 - Cross-Site Request Forgery

CVE-2021-24765 High No patch listed
CVE-2021-24765 Perfect Survey Stored Cross-Site Scripting

Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP

CVE-2021-24764 Medium No patch listed
CVE-2021-24764 Perfect Survey Cross-Site Scripting

Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Perfect Survey so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
4 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 2 high severity findings.
Recent CVEs
CVE-2021-24765, CVE-2021-24762 and CVE-2021-24764
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Perfect Survey

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: No CVE-2021-24765
CVE-2021-24765: Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP

The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue

Published
Oct 05, 2021
Patched Release
Not published
Affected Versions
Versions up to 1.5.2
Next Step
Open the full report for remediation notes and references.
Open CVE-2021-24765 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2021-24762
CVE-2021-24762: Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.

Published
Oct 05, 2021
Patched Release
1.5.2
Affected Versions
Versions before 1.5.2
Next Step
Update to 1.5.2 or newer if supported.
Open CVE-2021-24762 Report Open CVE Reference
Plugin Medium Patched: No CVE-2021-24764
CVE-2021-24764: Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting

The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Refle...

Published
Oct 05, 2021
Patched Release
Not published
Affected Versions
Versions up to 1.5.2
Next Step
Open the full report for remediation notes and references.
Open CVE-2021-24764 Report Open CVE Reference
Plugin High Patched: No CVE-2021-24763
CVE-2021-24763: Perfect Survey <= 1.5.2 - Cross-Site Request Forgery

The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could...

Published
Oct 05, 2021
Patched Release
Not published
Affected Versions
Versions up to 1.5.2
Next Step
Open the full report for remediation notes and references.
Open CVE-2021-24763 Report Open CVE Reference