CSRF Vulnerability in Light Poll Plugin for WordPress by WPScan
CVE-2024-6720

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Light Poll
Vendor: CVE Published:; 6 August 2024

What is CVE-2024-6720?

The Light Poll WordPress plugin, up to version 1.0.0, exhibits a vulnerability due to the lack of Cross-Site Request Forgery (CSRF) checks in certain functionalities. This weakness could allow attackers to trick authenticated users into performing unwanted actions, potentially compromising their accounts and data integrity. Site administrators should prioritize reviewing and patching this vulnerability to ensure robust security.

References

https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024

Wordpress

What is CVE-2024-6720?

References

CVSS V3.1

Timeline