PT-2024-18707 · WordPress · Liquidpoll
Francesco Carlucci
·
Published
2024-03-21
·
Updated
2024-06-22
·
CVE-2024-2080
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress versions up to, and including, 3.3.76
Description
The issue allows authenticated attackers with contributor-level access and above to extract information from polls that may be private via the
poller list shortcode.Recommendations
For versions up to, and including, 3.3.76, consider disabling the
poller list shortcode until a patch is available to prevent sensitive information exposure.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Liquidpoll