WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF)
CVE-2023-34013

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Poll Maker – Best WordPress Poll Plugin
Vendor: CVE Published:; 13 November 2023

Summary

The Poll Maker – Best WordPress Poll Plugin is impacted by a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to send unauthorized requests from the server, potentially exposing sensitive data or internal resources. This vulnerability affects versions up to 4.6.2, emphasizing the need for updates to secure the plugin effectively. Website administrators must ensure they are using a patched version to avoid exploitation and safeguard their environments.

Affected Version(s)

Poll Maker – Best WordPress Poll Plugin <= 4.6.2

References

https://patchstack.com/database/vulnerability/poll-maker/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
May 25, 2023

Credit

Abu Hurayra (Patchstack Alliance)