CVE-2021-24833

CVE-2021-24833: YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Preview Module

Vendor Unknown
Product YOP Poll
Weakness CWE-79 · XSS
Published November 17, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module.

Key dates

02Disclosure timeline

November 17, 2021 CVE published
August 3, 2024 Record updated