Description
WordPress Plugin WordPress Poll is prone to multiple SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WordPress Poll version 34.04 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 35.0 or the latest version.
References
http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
http://packetstormsecurity.com/files/119736/Cardoza-WordPress-Poll-34.05-SQL-Injection.html
http://seclists.org/bugtraq/2013/Jan/86