CVE-2021-24651

CVE-2021-24651: Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection

Vendor: Unknown
Product: Poll Maker
Weakness: CWE-89 (SQLi)
Published: October 11, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. Although the query result is not disclosed in the response, a timing attack can be used to exfiltrate data such as password hashes.

Key dates

02 Disclosure timeline

October 11, 2021: CVE published
August 3, 2024: Record updated