Description

WordPress Plugin WordPress Poll is prone to multiple SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WordPress Poll version 34.04 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 35.0 or latest

References

http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html

http://packetstormsecurity.com/files/119736/Cardoza-WordPress-Poll-34.05-SQL-Injection.html

http://seclists.org/bugtraq/2013/Jan/86

http://www.securityfocus.com/archive/1/525370

http://secunia.com/advisories/51942/

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6635)

Jenkins Improper Input Validation Vulnerability (CVE-2018-1000068)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Security Bypass (9.3)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7939)

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)

Severity

High

Classification

CVE-2013-1400 CVE-2013-1401 CWE-89 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass SQL Injection