A Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress Poll Maker Plugin. This vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially compromising the security of the website and its visitors.

This vulnerability was discovered and responsibly reported by Le Ngoc Anh.

The vulnerability is an XSS vulnerability that occurs in the poll-maker.php file. The vulnerability allows an attacker to inject malicious scripts into the affected website by exploiting a flaw in the way that the plugin handles user input.

Severity:

The vulnerability has a CVSS 3.1 score of 7.1, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

To address this security vulnerability and shield the website from potential exploitation, it is imperative to update the Poll Maker Plugin to at least version 4.7.1, the latest available release.

Impact:

An attacker who successfully exploits this vulnerability could inject malicious scripts into the affected website, such as:

  • Redirects
  • Advertisements
  • Other HTML payloads

These malicious scripts could then be executed by visitors to the website, potentially leading to a variety of security risks, such as:

  • Phishing attacks
  • Malware infections
  • Identity theft

Recommendation

Users can take the following actions to reduce the risk of exploitation:

  • Immediate Update: Ensure that WordPress Poll Maker Plugin is updated to at least version 4.7.1, or the latest available version. This update contains critical patches to address the XSS vulnerability and enhance overall plugin security.
  • Routine Security Assessments: Conduct regular security assessments of the WordPress website. Timely identification and mitigation of vulnerabilities are essential to maintaining a robust security posture.