CVE-2021-34635: Poll Maker <= 3.2.8 - Reflected Cross-Site Scripting
First published: Mon Aug 02 2021(Updated: )
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Poll Maker | <=3.2.8 |
Remedy
Update plugin to version 3.2.9 or newer.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Poll Maker WordPress plugin vulnerability?
The vulnerability ID for the Poll Maker WordPress plugin vulnerability is CVE-2021-34635.
What is the severity of CVE-2021-34635?
The severity of CVE-2021-34635 is medium.
How does the Poll Maker WordPress plugin vulnerability work?
The Poll Maker WordPress plugin vulnerability allows attackers to inject arbitrary web scripts via the 'mcount' parameter in the poll-maker-settings.php file.
Which version of the Poll Maker WordPress plugin is affected by CVE-2021-34635?
Versions up to and including 3.2.8 of the Poll Maker WordPress plugin are affected by CVE-2021-34635.
How can I fix the Poll Maker WordPress plugin vulnerability?
To fix the Poll Maker WordPress plugin vulnerability, update to a version higher than 3.2.8.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/title
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/ays-pro
- canonical/ays-pro poll maker
- version/ays-pro poll maker/3.2.8