WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04) - Vulnerability Database

WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)

Description

WordPress Plugin WordPress Poll is prone to multiple SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WordPress Poll version 34.04 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 35.0 or latest

References

http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html

http://packetstormsecurity.com/files/119736/Cardoza-WordPress-Poll-34.05-SQL-Injection.html

http://seclists.org/bugtraq/2013/Jan/86

http://www.securityfocus.com/archive/1/525370

http://secunia.com/advisories/51942/

Related Vulnerabilities

Severity

High

Classification

CVE-2013-1400

CVE-2013-1401

CWE-89

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N