CVE-2024-9462

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 26, 2024 / Updated: 25d ago

CVSS 5.5 / EPSS 0.07% / Medium

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9462.

Oct 26, 2024 at 2:25 AM / CVE

CVSS Estimate

Feedly estimated the CVSS score as LOW

Oct 26, 2024 at 2:26 AM

CVE Assignment

NVD published the first details for CVE-2024-9462

Oct 26, 2024 at 3:15 AM

CVSS

A CVSS base score of 5.5 has been assigned.

Oct 26, 2024 at 3:20 AM / nvd

EPSS

EPSS Score was set to: 0.07% (Percentile: 31.1%)

Oct 26, 2024 at 9:53 AM

Affected Systems

Wordpress/wordpress

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

News

CVE Alert: CVE-2024-9462 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9462/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9462
Update Sun Oct 27 14:34:00 UTC 2024
CVE-2024-9462
Medium Severity. Description: The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Read more at https://www.tenable.com/cve/CVE-2024-9462
Medium - CVE-2024-9462 - The Poll Maker – Versus Polls, Anonymous Polls,...
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
