Lucene search

K
wpvulndbVishnupriya IlangoWPVDB-ID:72F58B14-E5CB-4F1C-A16F-621238C6EBBF
HistoryOct 15, 2021 - 12:00 a.m.

YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module

2021-10-1500:00:00
Vishnupriya Ilango
wpscan.com
18
yop poll
cross-site scripting
options module
author role
validation parameters

EPSS

0.001

Percentile

25.8%

The plugin is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label.

EPSS

0.001

Percentile

25.8%

Related for WPVDB-ID:72F58B14-E5CB-4F1C-A16F-621238C6EBBF