The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Dmytropopov
  • Light Poll

Configuration 1 [-]

cpe:2.3:a:dmytropopov:light_poll:*:*:*:*:*:wordpress:*:*

No data.

References
Link Providers
https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/ cve-icon cve-icon
History

Mon, 28 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L'}

Wed, 07 Aug 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dmytropopov
Dmytropopov light Poll
Weaknesses CWE-352
CPEs cpe:2.3:a:dmytropopov:light_poll:*:*:*:*:*:wordpress:*:*
Vendors & Products Dmytropopov
Dmytropopov light Poll
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Tue, 06 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-06T15:28:44.640Z

Updated: 2024-10-28T19:51:09.560Z

Reserved: 2024-07-12T20:12:33.362Z

Link: CVE-2024-6720

cve-icon Vulnrichment

Updated: 2024-08-06T20:44:36.778Z

cve-icon NVD

Status : Modified

Published: 2024-08-06T16:15:49.817

Modified: 2024-10-28T20:35:26.733

Link: CVE-2024-6720

cve-icon Redhat

No data.