Reflected XSS Vulnerability in CP Polls
CVE-2024-47297

7.1HIGH

Key Information:

Vendor: WordPress
Status: Cp Polls
Vendor: CVE Published:; 6 October 2024

Summary

A vulnerability exists in the CodePeople CP Polls plugin due to improper neutralization of input during web page generation, resulting in reflected cross-site scripting (XSS) issues. This vulnerability allows malicious actors to inject arbitrary JavaScript into the web pages viewed by users, potentially compromising sensitive information and user sessions. The issue affects all versions of CP Polls up to 1.0.74, highlighting the importance of regular updates and security assessments to protect against web-based threats.

Affected Version(s)

CP Polls <= 1.0.74

References

https://patchstack.com/database/vulnerability/cp-polls/wo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Muhamad Agil Fachrian (Patchstack Alliance)