WP-Polls 2.73 - Reflected Cross-site Scripting

Advisory ID: RO-16-005
CVE ID: CVE-2016-10936
Severity: Medium
Vendor: WordPress
Product: WP-Polls
Version: 2.73

Overview #

A Reflected Cross-site Scripting (XSS) vulnerability exists in WP-Polls WordPress Plugin version 2.73.

Vulnerability Details #

Affected Versions: 2.73 and earlier

CVE: CVE-2016-10936

Root Cause: Insufficient input validation in the poll options page.

Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=wp-polls/polls-options.php

Vulnerable Parameter (POST): poll_bar_style

Attack Pattern:

'" onmouseover=alert(0x000C5A)

Exploitation Requirements #

  • Admin authentication required
  • Victim must interact with the malicious element

Impact #

Remote attackers can exploit this vulnerability to:

  • Steal admin session cookies
  • Perform administrative actions
  • Modify poll settings

Solution #

Update to the latest version of WP-Polls. See changelog.

References #

Timeline:

  • [2016-06-28] - First Contact
  • [2016-06-29] - Vendor Replied
  • [2016-07-29] - Advisory Released

Credits: Omar Kurt