Vulnerability Description
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yop-Poll | Yop Poll | < 6.3.1 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2605368PatchThird Party Advisory
- https://wpscan.com/vulnerability/7cb39087-fbab-463d-9592-003e3fca6d34Third Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-21-052Third Party Advisory
- https://plugins.trac.wordpress.org/changeset/2605368PatchThird Party Advisory
- https://wpscan.com/vulnerability/7cb39087-fbab-463d-9592-003e3fca6d34Third Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-21-052Third Party Advisory
FAQ
What is CVE-2021-24833?
CVE-2021-24833 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to ...
How severe is CVE-2021-24833?
CVE-2021-24833 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24833?
Check the references section above for vendor advisories and patch information. Affected products include: Yop-Poll Yop Poll.