CVE-2015-2090

WordPress Survey and Poll 1.1.7 - SQL Injection via survey_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2090. PoCs published by Securely (Yoo Hee man).

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in the WordPress Survey and Poll plugin (v1.1.7 and earlier) via the 'survey_id' parameter in the 'ajax_survey' function. The PoC includes a manual SQLi payload and a sqlmap command for exploitation.

Description

SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb WORKING POC
by Securely (Yoo Hee man) · textwebappsphp
https://www.exploit-db.com/exploits/36054

This exploit demonstrates a blind SQL injection vulnerability in the WordPress Survey and Poll plugin (v1.1.7 and earlier) via the 'survey_id' parameter in the 'ajax_survey' function. The PoC includes a manual SQLi payload and a sqlmap command for exploitation.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WordPress Survey and Poll plugin v1.1.7 and earlier
No auth needed
Prerequisites: WordPress installation with vulnerable plugin · Access to admin-ajax.php endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/118218
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74890
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/36054

Scores

EPSS 0.0474
EPSS Percentile 90.8%

Details

CWE
CWE-89
Status published
Products (1)
sympies/wordpress_survey_and_poll 1.1.7
Published Feb 26, 2015
Tracked Since Feb 18, 2026