Lucene search

WordfenceCVELIST:CVE-2024-2080

HistoryMar 22, 2024 - 1:59 a.m.

CVE-2024-2080

2024-03-2201:59:58

Wordfence

www.cve.org

liquidpoll

wordpress

sensitive information exposure

polls

surveys

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.

CNA Affected

[
  {
    "vendor": "liquidpoll",
    "product": "LiquidPoll – Polls, Surveys, NPS and Feedback Reviews",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.3.76",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054831%40wp-poll&new=3054831%40wp-poll&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882?source=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-2080