What the vulnerability does
01Description
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.
Explanation of Vulnerability in Simple Terms
TS Poll versions 2.5.5 and earlier lack proper authorization checks, allowing authenticated users to modify poll data they should not have access to. An attacker with a low-privilege account can alter poll content or settings without the necessary permissions. The vulnerability affects the integrity of poll data but does not expose sensitive information or disrupt availability.
What an attacker can do
Modify or alter poll data and settings without proper authorization.
Potential impact on your site
Polls can be altered by users who should not have permission to edit them, compromising poll integrity.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources