10 matches found

RedhatCVE
added 2025/11/20 9:37 p.m. · 4 views

CVE-2025-65020

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5 · AI score 6.7 · EPSS 0.00053
Exploits: 1 · References: 1

NVD
added 2025/11/19 6:15 p.m. · 3 views

CVE-2025-65020

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5 · EPSS 0.00053
Exploits: 1 · References: 2

Cvelist
added 2025/11/19 5:24 p.m. · 6 views

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5 · EPSS 0.00053
Exploits: 1 · References: 2

CVE
added 2025/11/19 5:24 p.m. · 3 views

CVE-2025-65020

Rallly (open-source scheduling tool) has an IDOR in the poll duplication endpoint /api/trpc/polls.duplicate that allows any authenticated user to duplicate polls they do not own by modifying the pollId. Root cause: insecure direct object reference. Impact: bypasses access control and enables clon...

CVSS 6.5 · AI score 6.3 · EPSS 0.00053
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/11/19 5:24 p.m. · 2 views

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5 · AI score 6.3 · EPSS 0.00053
Exploits: 1 · References: 2

OSV
added 2025/11/19 5:24 p.m. · 3 views

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5 · AI score 6.6 · EPSS 0.00053
Exploits: 1 · References: 4

Positive Technologies
added 2025/11/19 12:0 a.m. · 5 views

PT-2025-47501

Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4 Description: Rallly is a scheduling and collaboration tool. An Insecure Direct Object Reference (IDOR) exists in the poll duplication endpoint /api/trpc/polls.duplicate. An authenticated user can bypass access...

CVSS 6.5 · AI score 6.4 · EPSS 0.00053
Exploits: 1 · References: 4

NVD
added 2024/12/07 2:15 a.m. · 16 views

CVE-2024-12115

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicatepoll function. This makes it possible for unauthenticated...

CVSS 4.3 · EPSS 0.00178
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/07 12:0 a.m. · 1 views

PT-2024-17447 · WordPress · The Poll Maker – Versus Polls

Name of the Vulnerable Software and Affected Versions: The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to, and including, 5.5.4 Description: The issue is due to missing or incorrect nonce validation on the duplicate poll function, making it possible fo...

CVSS 4.3 · AI score 6.9 · EPSS 0.00178
Exploits: 0 · References: 8

Patchstack
added 2024/12/06 1:17 p.m. · 1 views

WordPress Poll Maker plugin <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication vulnerability

Cross-Site Request Forgery to Poll Duplication vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Poll Maker versions <= 5.5.4...

CVSS 4.3 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 1 · Affected Software: 1