CVE-2024-6720

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:dmytropopov:light_poll:*:*:*:*:*:wordpress:*:*

History

07 Aug 2024, 20:53

Type Values Removed Values Added
Summary
  • (es) El complemento Light Poll de WordPress hasta la versión 1.0.0 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas a través de ataques CSRF.
CPE cpe:2.3:a:dmytropopov:light_poll:*:*:*:*:*:wordpress:*:*
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/ - () https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/ - Third Party Advisory
First Time Dmytropopov
Dmytropopov light Poll

06 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 16:15

Updated : 2024-10-28 20:35


NVD link : CVE-2024-6720

Mitre link : CVE-2024-6720

CVE.ORG link : CVE-2024-6720


JSON object : View

Products Affected

dmytropopov

  • light_poll
CWE
CWE-352

Cross-Site Request Forgery (CSRF)