WordPress Plugin Vulnerabilities

CP Polls < 1.0.72 - Unauthenticated Content Injection

Description

The Polls CP plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.0.71. This is due to insufficient validation on poll answers. This makes it possible for unauthenticated attackers to inject arbitrary content.

Affects Plugins

Plugin icon
cp-polls
Fixed in 1.0.72

References

CVE
CVE-2024-24874
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f28d7659-9244-4da8-97e9-4539d7d874f7

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Kyle Sanchez
Verified
No
WPVDB ID
a2bdc100-e00b-4c1a-8185-a60d08a53a80

Timeline

Publicly Published
2024-02-05 (about 2 years ago)
Added
2024-02-09 (about 2 years ago)
Last Updated
2024-02-09 (about 2 years ago)

Other

Published
Title
Published
2022-11-29
Title
Quiz and Survey Master < 8.0.5 - Improper Input Validation
Published
2021-07-12
Title
Frontend File Manager < 18.3 - Unauthenticated HTML Injection
Published
2023-11-07
Title
Foyer <= 1.7.5 - Content Injection via Improper Access Control
Published
2021-09-23
Title
Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment
Published
2024-06-06
Title
PPOM for WooCommerce < 32.0.21 - Unauthenticated Content Injection Vulnerability