CVE-2021-24834

CVE-2021-24834: YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module

Vendor Unknown

Product YOP Poll

Weakness CWE-79 · XSS

Published November 17, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label.

Key dates

02Disclosure timeline

November 17, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24834 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-52492 WordPress Image horizontal reel scroll slideshow plugin <= 13.4 - Stored Cross Site Scripting (XSS) vulnerability CVE-2020-15221 XSS in the breadcrumbs CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting CVE-2024-3728 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle CVE-2023-3311 PuneethReddyHC online-shopping-system-advanced addsuppliers.php cross site scripting