WP-Polls 2.73 - Reflected Cross-site Scripting

Advisory ID: RO-16-005
CVE ID: CVE-2016-10936
Severity: Medium
Vendor: WordPress
Product: WP-Polls
Version: 2.73

Overview

A Reflected Cross-site Scripting (XSS) vulnerability exists in WP-Polls WordPress Plugin version 2.73.

Vulnerability Details

Affected Versions: 2.73 and earlier

CVE: CVE-2016-10936

Root Cause: Insufficient input validation in the poll options page.

Technical Details

Vulnerable URL: /wp-admin/admin.php?page=wp-polls/polls-options.php

Vulnerable Parameter (POST): poll_bar_style

Attack Pattern:

'" onmouseover=alert(0x000C5A)
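Added example, not WP-Polls source code: the quote breakout described above, with an unencoded reflection of the parameter beside an attribute-encoded one and an allow-list check on the submitted value. The form markup, the function names and the assumed shape of a bar-style value are hypothetical.

```php
<?php
// Added illustration. Function names and markup are hypothetical, not plugin code.

// Vulnerable pattern: the POSTed value lands inside a quoted attribute unencoded,
// so a quote character ends the value and the rest is parsed as new attributes.
function render_unsafe(string $style): string {
    return '<input type="text" name="poll_bar_style" value="' . $style . '" />';
}

// Output encoding for attribute context. ENT_QUOTES encodes both " and ';
// inside WordPress, esc_attr() is the function intended for this context.
function render_escaped(string $style): string {
    $encoded = htmlspecialchars($style, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="poll_bar_style" value="' . $encoded . '" />';
}

// Input validation before the option is stored or echoed.
// Assumption: a bar style is a short identifier (letters, digits, "_" or "-").
function sanitize_bar_style(string $style, string $fallback = 'default'): string {
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $style) === 1 ? $style : $fallback;
}

// Parse the markup the way a browser would and list the attributes that end up
// on the <input> element. An "on*" name here means the value escaped its quotes.
function attribute_names(string $html): array {
    $doc = new DOMDocument();
    @$doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// The attack pattern quoted in this advisory, used as the test input.
$payload = '\'" onmouseover=alert(0x000C5A)';

$rendered = [
    'unencoded' => render_unsafe($payload),
    'encoded'   => render_escaped($payload),
];
foreach ($rendered as $label => $html) {
    echo $label, ': ', implode(', ', attribute_names($html)), PHP_EOL;
}
echo 'validated value: ', sanitize_bar_style($payload), PHP_EOL;
```

Validation and encoding are complementary: the allow-list keeps unexpected values out of the stored option, and the encoding keeps any value that is echoed from leaving its attribute.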

Exploitation Requirements

  • Admin authentication required
  • Victim must interact with the malicious element

Impact

Remote attackers can exploit this vulnerability to:

  • Steal admin session cookies
  • Perform administrative actions
  • Modify poll settings

Solution

Update to the latest version of WP-Polls. See changelog.

References

Timeline:

  • [2016-06-28] - First Contact
  • [2016-06-29] - Vendor Replied
  • [2016-07-29] - Advisory Released

Credits: Omar Kurt
