CVE-2021-24442: 
WordPress vulnerability analysis and mitigation

The Poll, Survey, Questionnaire and Voting system WordPress plugin before version 1.5.3 contains an SQL injection vulnerability identified as CVE-2021-24442. The vulnerability was discovered by Toby Jackson and publicly disclosed on June 22, 2021. The plugin failed to properly sanitize, escape, or validate the date_answers[] POST parameter when processing poll results, making it vulnerable to SQL injection attacks from unauthenticated users (WPScan).

The vulnerability is classified as an SQL Injection (SQLI) with a CVSS v3 base score of 9.8 (Critical). The attack vector is network-based, requires low attack complexity, needs no privileges or user interaction, and has a high impact on confidentiality, integrity, and availability. The vulnerability is tracked as CWE-89 and falls under the OWASP Top 10 category A1: Injection (WPScan, AttackerKB).

The vulnerability allows unauthenticated attackers to perform SQL injection attacks against the affected WordPress installations. Due to its critical CVSS score of 9.8, successful exploitation could lead to unauthorized access to the database, potential data theft, and possible system compromise (AttackerKB).

The vulnerability has been patched in version 1.5.3 of the Poll, Survey, Questionnaire and Voting system WordPress plugin. Users are strongly advised to update to this version or later to mitigate the risk (WPScan).