CVE-2024-3600
Last modified
CVE-2024-3600 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ays-Pro | Poll Maker | < 5.1.9 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-3600?
How severe is CVE-2024-3600?
How do I fix CVE-2024-3600?
Are you affected by CVE-2024-3600?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST