### [CVE-2021-24765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24765)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue

### POC

#### Reference
- https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750

#### Github
- https://github.com/20142995/nuclei-templates