Poll Maker Vulnerable to Stored Cross-Site Scripting
CVE-2024-3600

7.2 HIGH

Key Information:

Vendor: WordPress
CVE Published: 19 April 2024

Summary

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) because the ays_poll_maker_quick_start AJAX action lacks a proper capability check. In addition, all versions up to and including 5.1.8 lack sufficient sanitization and escaping. Together these flaws let unauthenticated attackers create quizzes with embedded malicious scripts, which execute without user consent when a targeted individual visits the page, significantly increasing the risk of data theft and site compromise.
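The two controls the summary describes as missing, a capability check on the AJAX handler and sanitization and escaping of stored fields, are shown below as an added illustration of how a WordPress plugin normally applies them. This is not Poll Maker's code: the example_* names, the nonce action, the required capability and the option key are assumptions.

```php
<?php
// Added illustration; hypothetical plugin code, not Poll Maker's source.
// All example_* names, the nonce action and the option key are assumptions.

// Register the handler for logged-in users only. No wp_ajax_nopriv_* hook is
// added, so anonymous requests to admin-ajax.php never reach it.
add_action( 'wp_ajax_example_quick_start', 'example_quick_start' );

function example_quick_start() {
    // 1. CSRF protection: the request must carry a valid nonce.
    check_ajax_referer( 'example_quick_start', 'nonce' );

    // 2. Capability check: being logged in is not enough to create content.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Sanitize on input: plain-text fields lose all markup before storage.
    $title = isset( $_POST['title'] )
        ? sanitize_text_field( wp_unslash( $_POST['title'] ) )
        : '';
    $answers = isset( $_POST['answers'] ) && is_array( $_POST['answers'] )
        ? array_map( 'sanitize_text_field', wp_unslash( $_POST['answers'] ) )
        : array();

    if ( '' === $title || empty( $answers ) ) {
        wp_send_json_error( array( 'message' => 'Missing fields' ), 400 );
    }

    // Storage is simplified to a single option for the example.
    update_option( 'example_poll', array( 'title' => $title, 'answers' => $answers ) );
    wp_send_json_success();
}

// 4. Escape on output: stored values are still treated as untrusted.
function example_render_poll() {
    $poll = get_option( 'example_poll', array( 'title' => '', 'answers' => array() ) );
    $html = '<h3>' . esc_html( $poll['title'] ) . '</h3><ul>';
    foreach ( $poll['answers'] as $answer ) {
        $html .= '<li>' . esc_html( $answer ) . '</li>';
    }
    return $html . '</ul>';
}
add_shortcode( 'example_poll', 'example_render_poll' );
```

Escaping at render time matters even with input sanitization in place, because rows written before a fix was installed remain in the database unsanitized.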

Affected Version(s)

Poll Maker – Best WordPress Poll Plugin * <= 5.1.8

References

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof Zając