vulnerability

WordPress Plugin: poll-maker: CVE-2024-3600: Missing Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Apr 18, 2024	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Apr 18, 2024

Added

May 15, 2025

Modified

May 15, 2025

Description

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page.

Solution

poll-maker-plugin-cve-2024-3600

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-3600
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/fec015e1-7f64-4917-a242-90bd1135f680?source=api-prod
CVE-2024-3600
https://attackerkb.com/topics/CVE-2024-3600

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today