QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24651

Published: Oct 11, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.

Vendor	Product	Versions
Unknown	Poll Maker	affected `3.4.2 - < 3.4.2`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.