WordPress Plugin Vulnerabilities

Poll Maker < 4.8.1 - Missing Authorization

Description

The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions.

Affects Plugins

Plugin icon
poll-maker
Fixed in 4.8.1

References

CVE
CVE-2023-50904
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/345097c7-8f0e-46ed-9a1d-7c8a4a589e3f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
11ac0281-14b6-4ee5-a93b-fc917bdd3e4b

Timeline

Publicly Published
2023-12-26 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2026-03-20
Title
Bit SMTP – Easy SMTP Solution with Email Logs < 1.2.3 - Missing Authorization
Published
2026-02-18
Title
Breeze – WordPress Cache Plugin < 2.2.22 - Missing Authorization to Cache Deletion
Published
2021-11-08
Title
Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal
Published
2026-02-08
Title
Advanced Related Posts < 1.9.2 - Missing Authorization
Published
2026-03-08
Title
Atarim < 4.3.3 - Missing Authorization