Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-3600
HistoryApr 19, 2024 - 3:15 a.m.

CVE-2024-3600

2024-04-1903:15:06
[email protected]
web.nvd.nist.gov
cve-2024-3600
stored cross-site scripting
wordpress
plugin
vulnerability
unauthenticated attackers

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page.

Related

cvelist 1
wpvulndb 1
cve 1
wordfence 1
cvelist
cvelist
CVE-2024-3600
2024-04-19 02:34:44
wpvulndb
wpvulndb
Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
2024-04-18 00:00:00
cve
cve
CVE-2024-3600
2024-04-19 03:15:06
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
2024-04-25 15:56:37

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2024-3600
cvelist1wpvulndb1cve1wordfence1