Description

WordPress Plugin WordPress Poll is prone to multiple SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WordPress Poll version 34.04 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 35.0 or latest

References

http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html

http://packetstormsecurity.com/files/119736/Cardoza-WordPress-Poll-34.05-SQL-Injection.html

http://seclists.org/bugtraq/2013/Jan/86

http://www.securityfocus.com/archive/1/525370

http://secunia.com/advisories/51942/

Related Vulnerabilities

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19)

PHP Other Vulnerability (CVE-2003-0097)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1052)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4305)

WordPress Plugin Relevanssi Premium-A Better Search Cross-Site Scripting (1.14.8)

Severity

High

Classification

CVE-2013-1400 CVE-2013-1401 CWE-89 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass SQL Injection