{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2021-47941/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2021-47941"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Survey \u0026 Poll plugin"],"_cs_severities":["high"],"_cs_tags":["cve","cve-2021-47941","wordpress","sql injection","web application"],"_cs_type":"threat","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eCVE-2021-47941 describes a critical SQL injection vulnerability affecting the WordPress Survey \u0026amp; Poll plugin, version 1.5.7.3. This flaw allows unauthenticated attackers to inject malicious SQL code via the \u003ccode\u003ewp_sap\u003c/code\u003e cookie. By crafting specific SQL payloads within this cookie, attackers can execute arbitrary queries against the WordPress database. This can lead to the exfiltration of sensitive information such as usernames, passwords, and other confidential data stored within the database. The vulnerability poses a significant risk to WordPress websites using the affected plugin version, potentially leading to complete compromise of the web application.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress website running the Survey \u0026amp; Poll plugin version 1.5.7.3.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to extract sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the SQL payload into the \u003ccode\u003ewp_sap\u003c/code\u003e cookie value within an HTTP request.\u003c/li\u003e\n\u003cli\u003eThe WordPress application processes the request, executing the injected SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database server executes the malicious SQL query due to the SQL injection vulnerability in the plugin\u0026rsquo;s handling of the \u003ccode\u003ewp_sap\u003c/code\u003e cookie.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the results of the SQL query, which may include usernames, passwords, or other sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the exfiltrated data for further malicious activities, such as gaining administrative access to the WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2021-47941 can allow an unauthenticated attacker to extract sensitive information from the WordPress database, including usernames, passwords, and potentially other confidential data. This can lead to complete compromise of the WordPress site, allowing the attacker to modify content, install malware, or use the site for further attacks. Due to the nature of the vulnerability, a wide range of WordPress sites using the vulnerable plugin version are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2021-47941 Exploitation via Malicious wp_sap Cookie\u003c/code\u003e to identify exploitation attempts based on SQL injection patterns in the \u003ccode\u003ewp_sap\u003c/code\u003e cookie value.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect WordPress wp_sap Cookie with Union SQL Injection\u003c/code\u003e to detect UNION-based SQL injection attempts via the vulnerable cookie.\u003c/li\u003e\n\u003cli\u003eUpgrade the WordPress Survey \u0026amp; Poll plugin to a patched version that addresses the SQL injection vulnerability (CVE-2021-47941).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T13:21:01Z","date_published":"2026-05-10T13:21:01Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47941-wordpress-sqli/","summary":"WordPress Plugin Survey \u0026 Poll version 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter, potentially leading to sensitive data extraction.","title":"CVE-2021-47941: WordPress Survey \u0026 Poll Plugin SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47941-wordpress-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2021-47941","version":"https://jsonfeed.org/version/1.1"}