CVE-2024-13596: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pantherius WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress
CVE-2024-13596 is a medium severity SQL Injection vulnerability in the WordPress Survey & Poll – Quiz, Survey and Poll Plugin affecting all versions up to 1.7.5. It allows authenticated users with Contributor-level or higher privileges to inject malicious SQL via the 'id' attribute of the 'survey' shortcode due to improper input sanitization and escaping. Exploitation can lead to unauthorized extraction of sensitive database information without requiring user interaction. The vulnerability does not impact integrity or availability but poses a significant confidentiality risk. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize patching or applying mitigations to prevent data leakage. Countries with large WordPress user bases and active content creators are most at risk. The CVSS score is 6.
AI Analysis
Technical Summary
CVE-2024-13596 identifies an SQL Injection vulnerability in the WordPress Survey & Poll – Quiz, Survey and Poll Plugin (versions up to and including 1.7.5). The flaw arises from improper neutralization of special elements in SQL commands (CWE-89), specifically due to insufficient escaping of the user-supplied 'id' parameter within the 'survey' shortcode. This vulnerability allows authenticated users with Contributor-level access or higher to append arbitrary SQL queries to existing database queries. Because the plugin fails to properly prepare or sanitize these inputs, attackers can exploit this to extract sensitive information from the WordPress database, such as user data or site configuration details. The attack vector requires no user interaction beyond authentication, and the vulnerability is remotely exploitable over the network. The CVSS 3.1 score of 6.5 reflects a medium severity, with network attack vector, low attack complexity, and privileges required at the contributor level. While no known exploits have been reported in the wild, the vulnerability poses a significant risk to confidentiality. The plugin is widely used in WordPress environments for surveys and polls, making many sites potentially vulnerable until patched. The absence of a patch link indicates that a fix may not yet be publicly available, increasing the urgency for mitigation measures.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of sensitive information stored in the WordPress database. Attackers with contributor-level access can exploit the SQL Injection to extract data such as user credentials, personal information, or site configuration details, potentially leading to privacy violations and further attacks. Although the vulnerability does not directly affect data integrity or availability, the confidentiality breach can undermine trust and compliance with data protection regulations. Organizations relying on this plugin for user engagement risk exposure of sensitive data, which could result in reputational damage and legal consequences. Since the attack requires authenticated access, the threat is somewhat limited to insiders or compromised accounts, but the ease of exploitation and lack of user interaction needed increase the risk. The vulnerability affects all sites using the plugin up to version 1.7.5, which may include a significant number of WordPress installations worldwide.
Mitigation Recommendations
1. Immediately restrict Contributor-level and higher privileges to trusted users only, minimizing the risk of exploitation from compromised accounts.
2. Monitor database logs and web application logs for unusual or suspicious SQL queries that may indicate exploitation attempts.
3. Implement Web Application Firewall (WAF) rules to detect and block SQL Injection patterns targeting the 'id' parameter in the 'survey' shortcode.
4. Apply strict input validation and sanitization on all user-supplied parameters related to the plugin, especially the 'id' attribute, using parameterized queries or prepared statements if possible.
5. Regularly update the plugin once a security patch is released by the vendor; subscribe to vendor advisories to stay informed.
6. Consider temporarily disabling the plugin if it is not critical to operations until a patch is available.
7. Conduct a thorough audit of user privileges and remove unnecessary contributor or higher-level accounts.
8. Educate site administrators and content creators about the risks of SQL Injection and the importance of secure plugin management.
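To make the flaw class and mitigation item 4 concrete, here is an added illustration that is not code from the affected plugin, from Wordfence, or from this advisory: a hypothetical WordPress shortcode handler written two ways, the unsafe string concatenation that yields a CWE-89 bug, and the hardened form that validates the 'id' attribute and binds it through $wpdb->prepare(). The shortcode name 'survey' and its 'id' attribute are taken from the advisory; the function names, the table name and the 'title' column are assumptions made for the example.

```php
<?php
// Added illustrative example, not the plugin's own code.
// Assumed names: example_survey_shortcode_unsafe/_safe, the table
// {$wpdb->prefix}example_surveys and its 'title' column.

// UNSAFE pattern (the class of bug the advisory describes, CWE-89).
// The shortcode attribute is dropped straight into the SQL string, so any
// user allowed to place the shortcode in content (Contributor or higher)
// controls part of the query text.
function example_survey_shortcode_unsafe( $atts ) {
    global $wpdb;
    $atts  = shortcode_atts( array( 'id' => '' ), $atts, 'survey' );
    $table = $wpdb->prefix . 'example_surveys'; // assumed table name
    // No validation, no escaping, no placeholder: user data becomes SQL.
    $row = $wpdb->get_row( "SELECT title FROM {$table} WHERE id = " . $atts['id'] );
    return $row ? esc_html( $row->title ) : '';
}

// HARDENED pattern.
// 1. Coerce the attribute to a non-negative integer (allow-list validation:
//    a survey id can only ever be a positive integer).
// 2. Bind it with $wpdb->prepare() and a %d placeholder, so the database
//    always sees it as a value, never as SQL syntax.
function example_survey_shortcode_safe( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'id' => 0 ), $atts, 'survey' );

    $id = absint( $atts['id'] );
    if ( 0 === $id ) {
        return ''; // reject missing or malformed ids before touching the database
    }

    // The table identifier is built from $wpdb->prefix, a server-side
    // setting, never from user input; prepare() binds values only.
    $table = $wpdb->prefix . 'example_surveys';
    $sql   = $wpdb->prepare( "SELECT title FROM {$table} WHERE id = %d", $id );
    $row   = $wpdb->get_row( $sql );

    // Escape on output as well, so a stored title cannot inject markup.
    return $row ? esc_html( $row->title ) : '';
}

// Registration as it would appear in a (hypothetical) plugin bootstrap.
add_shortcode( 'survey', 'example_survey_shortcode_safe' );
```

Two points worth noting for anyone auditing a plugin for this pattern. First, $wpdb->prepare() binds values, not identifiers, which is why the table name above is assembled from $wpdb->prefix rather than passed as a placeholder; a table or column name derived from user input needs its own allow-list. Second, the cheapest code-review check is to grep the plugin for $wpdb->get_row, get_var, get_results and query calls whose SQL string is concatenated with a variable; every such call either goes through prepare() or needs a documented reason why the variable cannot be attacker-controlled.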
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, India, Brazil, Japan, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-01-21T15:22:17.534Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e63b7ef31ef0b59f5a1
Added to database: 2/25/2026, 9:49:23 PM
Last enriched: 2/25/2026, 11:28:45 PM
Last updated: 2/26/2026, 9:42:56 AM