PT-2022-9459 · WordPress · The Perfect Survey
Apple502J · Published 2022-02-01 · Updated 2022-02-04
CVE-2021-24763
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
The Perfect Survey WordPress plugin versions prior to 1.5.2
Description
The issue is related to the lack of proper authorization and CSRF checks in the save global setting AJAX action. This allows unauthenticated users to edit surveys and modify settings. Additionally, the lack of sanitization and escaping in the settings could lead to a Stored Cross-Site Scripting issue, which would be executed in the context of a user viewing any survey.
Recommendations
For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider disabling the save global setting AJAX action until a patch is available. Restrict access to the settings modification functionality to minimize the risk of exploitation. Avoid using the affected AJAX endpoint until the issue is resolved.
Exploit
Fix
CSRF
Affected Products
The Perfect Survey