WordPress Plugin Vulnerabilities

Responsive Poll < 1.3.4 - Broken Authentication and Missing Capability Checks on AJAX calls

Description

Edit (WPScanTeam):

In versions < 1.3.3, unauthenticated users can manipulate polls, e.g., delete, clone, or view a hidden poll.
In versions < 1.3.4 any authenticated user can do the same as above

v1.3.4 added capability checks, however the issues are still exploitable via CSRF as there is no nonce checks

Affects Plugins

Plugin icon
poll-wp
Fixed in 1.3.4

References

CVE
CVE-2020-11673
URL
https://gist.github.com/pak0s/05a0e517aeff4b1422d1a93f59718459
URL
https://plugins.trac.wordpress.org/changeset/2271601
URL
https://plugins.trac.wordpress.org/changeset/2273724

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
pak0s
Verified
Yes
WPVDB ID
3326238d-3788-43af-a402-2c9d6ea46727

Timeline

Publicly Published
2020-04-13 (about 5 years ago)
Added
2020-04-13 (about 5 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-13
Title
Homey <= 2.4.1 - Authenticated (Subscriber+) Privilege Escalation
Published
2020-03-24
Title
Data Tables Generator By Supsystic < 1.9.92 - Insecure Permissions on AJAX Actions
Published
2023-06-07
Title
Directorist < 7.5.5 - Subscriber+ Arbitrary User Password Reset to Privilege Escalation
Published
2025-12-15
Title
Fox LMS 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'
Published
2019-08-09
Title
ND Restaurant Reservations < 1.5 - Unauthenticated Options Change