Search criteria
6 vulnerabilities found for Poll Maker by Unknown
CVE-2024-13602 (GCVE-0-2024-13602)
Vulnerability from cvelistv5 – Published: 2025-03-16 06:00 – Updated: 2025-03-17 15:17
VLAI?
Title
Poll Maker < 5.5.4 - Admin+ Stored XSS
Summary
The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity ?
4.8 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Poll Maker |
Affected:
0 , < 5.5.4
(semver)
|
Credits
Krugov Artyom
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13602",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T15:16:47.829957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:17:11.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poll Maker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krugov Artyom"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T06:00:07.086Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Poll Maker \u003c 5.5.4 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-13602",
"datePublished": "2025-03-16T06:00:07.086Z",
"dateReserved": "2025-01-21T19:24:05.524Z",
"dateUpdated": "2025-03-17T15:17:11.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1456 (GCVE-0-2022-1456)
Vulnerability from cvelistv5 – Published: 2022-05-30 08:35 – Updated: 2024-08-03 00:03
VLAI?
Title
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
Summary
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Poll Maker |
Affected:
4.0.2 , < 4.0.2
(custom)
|
Credits
0x23.so
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poll Maker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.2",
"status": "affected",
"version": "4.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0x23.so"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-30T08:35:47",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Poll Maker \u003c 4.0.2 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1456",
"STATE": "PUBLIC",
"TITLE": "Poll Maker \u003c 4.0.2 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poll Maker",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0.2",
"version_value": "4.0.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0x23.so"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1456",
"datePublished": "2022-05-30T08:35:47",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24651 (GCVE-0-2021-24651)
Vulnerability from cvelistv5 – Published: 2021-10-11 10:45 – Updated: 2024-08-03 19:35
VLAI?
Title
Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection
Summary
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Poll Maker |
Affected:
3.4.2 , < 3.4.2
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poll Maker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "3.4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-11T10:45:34",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Poll Maker \u003c 3.4.2 - Unauthenticated Time Based SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24651",
"STATE": "PUBLIC",
"TITLE": "Poll Maker \u003c 3.4.2 - Unauthenticated Time Based SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poll Maker",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24651",
"datePublished": "2021-10-11T10:45:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13602 (GCVE-0-2024-13602)
Vulnerability from nvd – Published: 2025-03-16 06:00 – Updated: 2025-03-17 15:17
VLAI?
Title
Poll Maker < 5.5.4 - Admin+ Stored XSS
Summary
The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity ?
4.8 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Poll Maker |
Affected:
0 , < 5.5.4
(semver)
|
Credits
Krugov Artyom
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13602",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T15:16:47.829957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:17:11.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Poll Maker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krugov Artyom"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T06:00:07.086Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Poll Maker \u003c 5.5.4 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-13602",
"datePublished": "2025-03-16T06:00:07.086Z",
"dateReserved": "2025-01-21T19:24:05.524Z",
"dateUpdated": "2025-03-17T15:17:11.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1456 (GCVE-0-2022-1456)
Vulnerability from nvd – Published: 2022-05-30 08:35 – Updated: 2024-08-03 00:03
VLAI?
Title
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
Summary
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Poll Maker |
Affected:
4.0.2 , < 4.0.2
(custom)
|
Credits
0x23.so
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poll Maker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.2",
"status": "affected",
"version": "4.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0x23.so"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-30T08:35:47",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Poll Maker \u003c 4.0.2 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1456",
"STATE": "PUBLIC",
"TITLE": "Poll Maker \u003c 4.0.2 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poll Maker",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0.2",
"version_value": "4.0.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0x23.so"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1456",
"datePublished": "2022-05-30T08:35:47",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24651 (GCVE-0-2021-24651)
Vulnerability from nvd – Published: 2021-10-11 10:45 – Updated: 2024-08-03 19:35
VLAI?
Title
Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection
Summary
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Poll Maker |
Affected:
3.4.2 , < 3.4.2
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Poll Maker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "3.4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-11T10:45:34",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Poll Maker \u003c 3.4.2 - Unauthenticated Time Based SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24651",
"STATE": "PUBLIC",
"TITLE": "Poll Maker \u003c 3.4.2 - Unauthenticated Time Based SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Poll Maker",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24651",
"datePublished": "2021-10-11T10:45:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}