CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32514 – WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32514
Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. Este problema afecta a WP Poll Maker: desde n/a hasta 3.4. The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-4-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31240 – WordPress WP Poll Maker plugin <= 3.1 - Auth. Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-31240
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1. The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the it_epoll_theme_action_uninstall() function and insufficient file path validation in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files that may make remote code execution possible. • https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-1-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29818 – WordPress WP Poll Maker plugin <= 3.1 - Authenticated Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29818
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS.This issue affects WP Poll Maker: from n/a through 3.1. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker permite XSS almacenado. Este problema afecta a WP Poll Maker: desde n/a hasta 3.1. The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-1-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •