LiquidPoll – Polls, Surveys, NPS and Feedback Reviews < 3.3.77 – Information Exposure | CVE 2024-2080 | Plugin Vulnerabilities

Description

The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.

Affects Plugins

Fixed in 3.3.77

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

c9bec2f4-6183-44c9-a462-bd8b32209eb2

Timeline

Publicly Published

2024-03-21 (about 2 years ago)

Added

2024-03-21 (about 2 years ago)

Last Updated

2024-03-21 (about 2 years ago)

Other

Published

Title

Published

2026-01-26

Title

Nexter Blocks < 4.6.4 - Authenticated (Subscriber+) Information Exposure

Published

2024-12-26

Title

Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages < 2.0.3 - Authenticated (Subscriber+) Sensitive Information Disclosure

Published

2025-04-01

Title

ACF City Selector <= 1.17.0 - Unauthenticated Sensitive Information Exposure

Published

2025-02-17

Title

File Uploads Addon for WooCommerce < 1.7.2 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Published

2025-09-22

Title

UK Address Postcode Validation < 3.10.0 - Unauthenticated Sensitive Information Exposure