CVE-2021-24833
CVE-2021-24833 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale: a stored Cross-Site Scripting flaw in the YOP Poll WordPress plugin before 6.3.1. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
Description
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yop-Poll | Yop Poll | < 6.3.1 |
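The description above comes down to two practitioner questions: why does text saved by an Author-role user run in the admin preview, and is the installed copy below the fixed release? The following is an added example written for this page, not code from YOP Poll or from the advisory. The two `render_preview_*` functions are a hypothetical stand-in for the Create Poll / Admin preview flow (the plugin's real template is not reproduced here), `html.escape` plays the role that WordPress's `esc_html()` plays in a real fix, and the plugin header text is constructed for the example.

```python
"""Stored XSS in poll question/answer text: the unescaped pattern beside the
escaped one, plus a version check against the fixed release (6.3.1).
Added example for this page; not YOP Poll's own code."""
import html
import re

# First release the advisory lists as not affected.
FIXED_VERSION = (6, 3, 1)

# Constructed payload: what an Author-role user could save as a poll question.
POLL_QUESTION = 'Favourite colour?<script>document.title=document.cookie</script>'


def render_preview_vulnerable(question: str, answers: list[str]) -> str:
    """Hypothetical stand-in for the flaw: stored text is dropped into the
    admin preview markup without output encoding."""
    items = "".join(f"<li>{a}</li>" for a in answers)
    return f"<h3>{question}</h3><ul>{items}</ul>"


def render_preview_fixed(question: str, answers: list[str]) -> str:
    """Hardened form: encode on output. html.escape is the stand-in for
    WordPress's esc_html(); the stored value itself is left untouched."""
    items = "".join(f"<li>{html.escape(a, quote=True)}</li>" for a in answers)
    return f"<h3>{html.escape(question, quote=True)}</h3><ul>{items}</ul>"


def contains_script(markup: str) -> bool:
    """Crude check used only to compare the two renderings above."""
    return "<script" in markup.lower()


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '6.3.0' or '6.2.10-beta' into a tuple of ints for comparison."""
    m = re.match(r"(\d+(?:\.\d+)*)", s.strip())
    if not m:
        raise ValueError(f"unparseable version: {s!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True for any YOP Poll version below 6.3.1 (tuple comparison handles
    '6.3' < '6.3.1' and '6.10.0' > '6.3.1' correctly)."""
    return parse_version(version) < FIXED_VERSION


def version_from_plugin_header(header_text: str) -> str:
    """Read the 'Version:' field from a WordPress plugin main-file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    if not m:
        raise ValueError("no Version: field in plugin header")
    return m.group(1)


# Constructed header in the shape of wp-content/plugins/yop-poll/yop-poll.php;
# the version number here is invented for the example.
SAMPLE_HEADER = """<?php
/*
Plugin Name: YOP Poll
Version: 6.3.0
*/
"""

if __name__ == "__main__":
    answers = ["Red", "Blue"]
    print("vulnerable:", render_preview_vulnerable(POLL_QUESTION, answers))
    print("fixed:     ", render_preview_fixed(POLL_QUESTION, answers))
    installed = version_from_plugin_header(SAMPLE_HEADER)
    print(f"installed {installed}: affected={is_affected(installed)}")
```

On a live site the same check is `grep -m1 '^Version:' wp-content/plugins/yop-poll/yop-poll.php` (or `wp plugin get yop-poll --field=version` with WP-CLI); anything that compares below 6.3.1 should be updated. Note that the hardened renderer fixes the sink; if the plugin also needs to accept limited HTML in answers, an allow-list filter such as `wp_kses_post()` on output is the WordPress-native alternative to full escaping.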
References
- https://plugins.trac.wordpress.org/changeset/2605368 (Patch, Third Party Advisory)
- https://wpscan.com/vulnerability/7cb39087-fbab-463d-9592-003e3fca6d34 (Third Party Advisory)
- https://www.fortiguard.com/zeroday/FG-VD-21-052 (Third Party Advisory)
Frequently Asked Questions
What is CVE-2021-24833?
A stored Cross-Site Scripting vulnerability in the YOP Poll WordPress plugin before 6.3.1. Question and answer text entered in the Create Poll module is not sufficiently validated, so a user with a role as low as Author can store script that executes in the Admin preview module in the context of the application.
How severe is CVE-2021-24833?
Medium: CVSS 3.1 base score 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The attacker needs an Author-level account and a privileged user must view the preview, but the scope change means the script runs in the administrator's session. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
How do I fix CVE-2021-24833?
Update YOP Poll to version 6.3.1 or later; the fix is WordPress.org changeset 2605368, listed under References.
Source: NVD / NIST
