WordPress Plugin Vulnerabilities

YOP Poll < 6.2.8 - Unauthenticated Stored Cross-Site Scripting

Description

In the plugin, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. The execution of the XSS payload depends on the 'Show results' option selected, which could be before or after sending the vote for example.

Proof of Concept

Affects Plugins

Plugin icon
yop-poll
Fixed in 6.2.8

References

CVE
CVE-2021-24454
URL
https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/
YouTube Video

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Toby Jackson
Submitter
Toby Jackson
Submitter website
https://in-spired.xyz
Submitter twitter
_inspir3d
Verified
Yes
WPVDB ID
48ade7a5-5abb-4267-b9b6-13e31e1b3e91

Timeline

Publicly Published
2021-06-17 (about 4 years ago)
Added
2021-06-21 (about 4 years ago)
Last Updated
2022-01-17 (about 3 years ago)

Other

Published
Title
Published
2020-04-29
Title
WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
Published
2024-05-14
Title
Magazine Blocks < 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2022-12-28
Title
OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode
Published
2024-05-17
Title
Logo Slider < 4.0.0 - Contributor+ Stored XSS
Published
2022-12-23
Title
Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode