WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF)
CVE-2023-34013

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Poll Maker – Best WordPress Poll Plugin
Vendor: CVE Published:; 13 November 2023

What is CVE-2023-34013?

The Poll Maker – Best WordPress Poll Plugin is impacted by a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to send unauthorized requests from the server, potentially exposing sensitive data or internal resources. This vulnerability affects versions up to 4.6.2, emphasizing the need for updates to secure the plugin effectively. Website administrators must ensure they are using a patched version to avoid exploitation and safeguard their environments.

Affected Version(s)

Poll Maker – Best WordPress Poll Plugin <= 4.6.2

References

https://patchstack.com/database/vulnerability/poll-maker/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
May 25, 2023

Credit

Abu Hurayra (Patchstack Alliance)

Wordpress

What is CVE-2023-34013?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit