Cardoza WordPress Poll <= 34.05 – Multiple External Function Remote Poll Manipulation | CVE 2013-1401

Affects Plugins

cardoza-wordpress-poll

Fixed in 34.06

References

CVE

CVE-2013-1401

URL

https://packetstormsecurity.com/files/#119736/

URL

https://seclists.org/bugtraq/2013/Jan/86

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

9.8 (critical)

Miscellaneous

Verified

No

WPVDB ID

8070815c-5c65-44e5-a560-fb7d3583054d

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2022-09-14

Title

Sucuri Security < 1.8.34 - Event log Entry Creation via CSRF

Published

2020-09-26

Title

Customizr < 4.3.1 - Arbitrary Settings Update via CSRF

Published

2023-09-28

Title

Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update

Published

2024-07-09

Title

Patricia Lite <= 1.2.3 - Cross-Site Request Forgery

Published

2024-11-28

Title

Load More Posts <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting