CVE-2021-24454

Name of the Vulnerable Software and Affected Versions YOP Poll WordPress plugin versions prior to 6.2.8

Description The issue arises when a poll is created with specific options, leading to Stored Cross-Site Scripting issues. This occurs because the 'Other' answer is not sanitized before being output on the page. The execution of the XSS payload depends on the 'Show results' option, which could be before or after sending the vote.

Recommendations For YOP Poll WordPress plugin versions prior to 6.2.8, update to version 6.2.8 or later to resolve the issue. As a temporary workaround, consider disabling the 'Allow other answers' and 'Display other answers in the result list' options to minimize the risk of exploitation. Restrict access to polls with the 'Show results' option enabled until the issue is resolved.