WordPress · Wordpress Survey & Poll · CVE-2015-2090
**Name of the Vulnerable Software and Affected Versions**
WordPress Survey and Poll plugin version 1.1.7
**Description**
This SQL injection issue allows remote attackers to execute arbitrary SQL commands against the site's database. The injection point is the `survey_id` parameter of the `ajax_survey` action handled by the "/wp-admin/admin-ajax.php" API endpoint.
**Recommendations**
For WordPress Survey and Poll plugin version 1.1.7, consider disabling the `ajax_survey` function in settings.php until a patch is available. Restrict access to the "/wp-admin/admin-ajax.php" API endpoint to minimize the risk of exploitation, keeping in mind that other plugins and themes also route their front-end AJAX requests through the same endpoint. Avoid using the `survey_id` parameter in the affected API endpoint until the issue is resolved.
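The following is an added illustration of the handler pattern behind this class of bug and its fix; it is not the plugin's own code. It assumes a hypothetical `example_surveys` table and a hypothetical nonce name, and uses the action and parameter names from the advisory.

```php
<?php
// Added illustration (not the plugin's actual code): a hypothetical handler
// for the advisory's ajax_survey action, shown in a vulnerable and a hardened form.

// Vulnerable pattern: the request value is concatenated straight into SQL,
// so whatever is sent as survey_id becomes part of the query text.
function example_ajax_survey_unsafe() {
    global $wpdb;
    $survey_id = $_POST['survey_id'];
    $row = $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}example_surveys WHERE id = $survey_id"
    );
    wp_send_json( $row );
}

// Hardened pattern: require a nonce, cast the id to a non-negative integer,
// and bind it through $wpdb->prepare() so it can never alter the query.
function example_ajax_survey_safe() {
    global $wpdb;
    check_ajax_referer( 'example_survey_nonce', 'nonce' ); // hypothetical nonce name
    $survey_id = absint( $_POST['survey_id'] ?? 0 );
    if ( 0 === $survey_id ) {
        wp_send_json_error( 'invalid survey_id', 400 );
    }
    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}example_surveys WHERE id = %d",
            $survey_id
        )
    );
    wp_send_json_success( $row );
}

// Register the hardened handler under the advisory's action name. Hooking
// both wp_ajax_ and wp_ajax_nopriv_ exposes it to logged-out visitors too,
// which is why input validation must not depend on the caller being trusted.
add_action( 'wp_ajax_ajax_survey', 'example_ajax_survey_safe' );
add_action( 'wp_ajax_nopriv_ajax_survey', 'example_ajax_survey_safe' );
```

Auditing a plugin for this bug class means locating every `wp_ajax_*` handler and checking that each request parameter reaching `$wpdb` passes through `prepare()` or an explicit cast rather than string concatenation.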