WordPress Plugin Vulnerabilities

Poll Maker < 4.7.2 - Missing Authorization

Description

The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function.

Affects Plugins

Plugin icon
poll-maker
Fixed in 4.7.2

References

CVE
CVE-2023-45766
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a27fcc6-b1ac-4649-892b-7e0dee3f0d08

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
f248bc81-4c97-42ea-bdfc-2290ad9052e9

Timeline

Publicly Published
2023-10-12 (about 7 months ago)
Added
2023-11-23 (about 5 months ago)
Last Updated
2024-01-11 (about 4 months ago)

Other

Published
Title
Published
2024-04-05
Title
Easy Social Share Buttons < 9.5 - Missing Authorization
Published
2024-03-29
Title
SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting
Published
2024-04-22
Title
Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! < 2.1.3 - Missing Authorization to Subscriber+ Arbitrary Post Creation
Published
2024-01-31
Title
Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update
Published
2023-04-05
Title
YourChannel < 1.2.4 - Unauthenticated Settings Reset