WordPress · The Poll Maker – Versus Polls · CVE-2024-12575
Name of the Vulnerable Software and Affected Versions:
Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to and including 5.8.9
Description:
The WordPress plugin is susceptible to Basic Information Exposure via the `ays finish poll` API endpoint. This allows unauthenticated attackers to retrieve admin email information exposed in the poll response.
Recommendations:
Update the Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin to a version later than 5.8.9.