CVE-2020-11673
First published: Mon Apr 13 2020(Updated: )
An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wp_ajax_nopriv function in Includes/Total-Soft-Poll-Ajax.php for sensitive operations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Total-soft Responsive Poll | <=1.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue with the Responsive Poll plugin for WordPress?
The vulnerability ID for this issue is CVE-2020-11673.
What is the severity of CVE-2020-11673?
The severity of CVE-2020-11673 is critical with a CVSS score of 9.8.
What is the affected software?
The affected software is the Total-soft Responsive Poll plugin for WordPress version 1.3.4 and below.
What can an unauthenticated user do with this vulnerability?
An unauthenticated user can manipulate polls, such as deleting, cloning, or viewing hidden polls.
How can I fix the vulnerability in the Responsive Poll plugin for WordPress?
To fix the vulnerability, update the Total-soft Responsive Poll plugin to a version higher than 1.3.4.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/total-soft
- canonical/total-soft responsive poll
- version/total-soft responsive poll/1.3.4