CVE-2021-24834

Name of the Vulnerable Software and Affected Versions YOP Poll versions prior to 6.3.1

Description The issue is related to a stored Cross-Site Scripting vulnerability in the Create Poll - Options module of the YOP Poll WordPress plugin. This vulnerability exists due to insufficient validation of custom label parameters, specifically the vote button label, results link label, and back to vote caption label. This allows a user with a role as low as author to execute arbitrary script code within the context of the application, potentially leading to remote exploitation.

Recommendations For versions prior to 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Create Poll - Options module or disabling the execution of custom label parameters until a patch is applied. Avoid using the parameters vote button label, results link label, and back to vote caption label in the affected module until the issue is resolved.