CVE-2024-3600 – The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to …

19 April 2024

Vuln ID: CVE-2024-3600

Published: 2024-04-19 03:15:06.300

Description: The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page.

Base Score: 7.2 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

19 April 2024

Categorie(s):

NVD

Tag(s):

NVD

McAfee Dominates AV-Comparatives PC Performance Test3 May 2024
Preparation: The Less Shiny Side of Incident Response – Joe Gross – ESW #3603 May 2024
Critical GitLab account takeover flaw added to CISA’s KEV Catalog2 May 2024
Microsoft, Google do a victory lap around passkeys2 May 2024
Understanding Scattered Spider, and how they perform cloud-centric identity attacks2 May 2024