QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24833

Published: Nov 17, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module.

Vendor	Product	Versions
Unknown	YOP Poll	affected `6.3.1 - < 6.3.1`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/7cb39087-fbab-463d-9592-003e3fca6d34

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2605368

x_refsource_CONFIRM

https://www.fortiguard.com/zeroday/FG-VD-21-052

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.