Description

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

Remediation

References

CVE-2018-15833

Related Vulnerabilities

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)

WordPress Plugin UnGallery Local File Disclosure (1.5.8)

MySQL CVE-2012-2750 Vulnerability (CVE-2012-2750)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0762)

WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)

Severity

Medium

Classification

CVE-2018-15833 CWE-639 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities