CVE-2021-24833

Name of the Vulnerable Software and Affected Versions YOP Poll WordPress plugin versions prior to 6.3.1

Description The issue is related to a stored Cross-Site Scripting problem in the Admin preview module. It arises due to insufficient validation of question and answer text parameters in the Create Poll module, allowing a user with a role as low as author to execute arbitrary script code within the application context. This could potentially impact the confidentiality and integrity of protected information.

Recommendations For versions prior to 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin preview module and the Create Poll functionality to minimize the risk of exploitation. Avoid using the question and answer text parameters in the Create Poll module until the issue is resolved.