Lucene search

WpvulndbWPVDB-ID:C9BEC2F4-6183-44C9-A462-BD8B32209EB2

HistoryMar 21, 2024 - 12:00 a.m.

LiquidPoll – Polls, Surveys, NPS and Feedback Reviews < 3.3.77 - Information Exposure

2024-03-2100:00:00

wpscan.com

liquidpoll

wordpress

vulnerability

information exposure

poller_list

authenticated attackers

contributor-level access

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Description The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.

CPENameOperatorVersion
eq3.3.77

CPE	Name	Operator	Version
		eq	3.3.77

References

www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for WPVDB-ID:C9BEC2F4-6183-44C9-A462-BD8B32209EB2