CVE-2021-34635

Name of the Vulnerable Software and Affected Versions: Poll Maker WordPress plugin versions up to and including 3.2.8

Description: The issue allows attackers to inject arbitrary web scripts via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file, enabling Reflected Cross-Site Scripting attacks.

Recommendations: For versions up to and including 3.2.8, update to a version later than 3.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the ~/admin/partials/settings/poll-maker-settings.php file to minimize the risk of exploitation. Avoid using the mcount parameter in the affected file until the issue is resolved.