CVE-2023-34013 — Server-Side Request Forgery in Maker Team Poll Maker Best Wordpress Poll Plugin

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

7.5HIGHNVD

CNA4.4

EPSS

0.1%

top 64.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Poll Maker Team Poll Maker Best Wordpress Poll Plugin Ays-pro Poll Maker

Timeline

PublishedNov 13

Description

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5poll_maker_team/poll_maker_best_wordpress_poll_pluginn/a — 4.6.2

▶NVDays-pro/poll_maker4.6.2

🔴Vulnerability Details

GHSA

GHSA-rjg3-r8f3-xp64: Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin↗2023-11-13

▶

CVEList

WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF)↗2023-11-13

▶