CVE-2024-6720

HIGH

Light Poll WordPress Plugin < 1.0.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

References (1)

Core 1
Core References
Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/

Scores

CVSS v3 8.8
EPSS 0.0021
EPSS Percentile 11.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
dmytropopov/light_poll < 1.0.0
Published Aug 06, 2024
Tracked Since Feb 18, 2026