WP-Polls 2.73 - Reflected Cross-site Scripting
Advisory ID: RO-16-005
CVE ID: CVE-2016-10936
Severity: Medium
Vendor: WordPress
Product: WP-Polls
Version: 2.73


Overview #

A Reflected Cross-site Scripting (XSS) vulnerability exists in WP-Polls WordPress Plugin version 2.73.


Vulnerability Details #

Affected Versions: 2.73 and earlier

CVE: CVE-2016-10936

Root Cause: Insufficient input validation in the poll options page.
Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=wp-polls/polls-options.php

Vulnerable Parameter (POST): poll_bar_style

Attack Pattern:

'" onmouseover=alert(0x000C5A)



Exploitation Requirements #

    Admin authentication required
    Victim must interact with the malicious element

Impact #

Remote attackers can exploit this vulnerability to:

    Steal admin session cookies
    Perform administrative actions
    Modify poll settings



Solution #

Update to the latest version of WP-Polls. See changelog.


References #

    Invicti Advisory NS-16-009

Timeline:

    [2016-06-28] - First Contact
    [2016-06-29] - Vendor Replied
    [2016-07-29] - Advisory Released

Credits: Omar Kurt