CVE-2023-6109

YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation

CVSS 5.3 MEDIUMEPSS 0.4%CWE-362

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 nov 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Productos afectados

yourownprogrammer · YOP Poll

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset/2959124/yop-poll/trunk/admin/models/votes.php https://www.wordfence.com/threat-intel/vulnerabilities/id/360b1927-a863-46be-ad11-3f6251c75a3c?source=cve