CVE-2021-24651
N/A
N/A
Summary
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Poll Maker | 3.4.2 < 3.4.2 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
- CWE-203: CWE-203 Observable Discrepancy
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.