Description
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Statistics Cross-Site Scripting (13.2.1)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.24)
MySQL CVE-2018-2805 Vulnerability (CVE-2018-2805)
WordPress Plugin WordPress File Upload Arbitrary File Upload (3.4.0)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3946)