WordPress Plugin Vulnerabilities

CP Polls < 1.0.72 - Unauthenticated Poll Limit Bypass

Description

The Polls CP plugin for WordPress is vulnerable to Poll Limit Bypass in all versions up to, and including, 1.0.71. This is due to insufficient controls on on the voting system. This makes it possible for unauthenticated attackers to vote multiple times.

Affects Plugins

Plugin icon
cp-polls
Fixed in 1.0.72

References

CVE
CVE-2024-24873
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2c80de83-3996-4048-8aa3-3611b002fc01

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Kyle Sanchez
Verified
No
WPVDB ID
e3d42d5a-e31b-4022-aa69-aa1cde241dfb

Timeline

Publicly Published
2024-02-05 (about 2 years ago)
Added
2024-02-08 (about 2 years ago)
Last Updated
2024-02-08 (about 2 years ago)

Other

Published
Title
Published
2023-07-10
Title
WooCommerce Ship to Multiple Addresses < 3.8.6 - Customer+ Shipping Address Update
Published
2024-09-24
Title
REST API TO MiniProgram < 4.7.6 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover
Published
2025-06-05
Title
Password Policy Manager < 2.0.5 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Published
2023-09-25
Title
ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure
Published
2024-01-02
Title
LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure