CVE-2024-12115

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in the Poll Maker WordPress plugin lets an unauthenticated attacker duplicate polls by forging a request and tricking a logged-in administrator into submitting it, for example by clicking a malicious link. The attacker never authenticates; the administrator's browser supplies the session. All WordPress sites running Poll Maker versions up to and including 5.5.4 are affected. The result is unauthorized duplicate polls, not data loss.

💻 Affected Systems

Products:
  • Poll Maker – Versus Polls, Anonymous Polls, Image Polls WordPress plugin
Versions: All versions up to and including 5.5.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with vulnerable plugin version. Attack requires administrator interaction with malicious link.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could flood the site with duplicate polls, causing database bloat and potentially disrupting legitimate poll functionality. Repeated exploitation could degrade site performance.

🟠 Likely Case

Unauthorized poll duplication creating administrative confusion and poll data pollution. Because the action copies an existing poll, the attacker controls which poll is duplicated and how many times, not its content.

🟢 If Mitigated

With CSRF protection in place (the patched plugin version) and administrators wary of unsolicited links, impact is limited to minor administrative inconvenience.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attacker needs no account of their own: the forged request rides on the victim administrator's authenticated browser session. What exploitation does require is social engineering, since a logged-in administrator must open the attacker's link or page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.5.5

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Poll Maker' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 5.5.5 or later from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Deactivate the Poll Maker plugin until patched. This removes the vulnerable handler entirely, but any poll shortcodes on the site will render as plain text while the plugin is off.

Clickjacking Hardening via .htaccess (does not block this CSRF)

linux

These mod_headers directives stop other sites from framing wp-admin, which closes only the clickjacking variant of the attack. They do not prevent a CSRF delivered as a link or an auto-submitting form, because that request is a top-level navigation or a cross-site POST, not a framed page. Treat them as defence in depth, not as a fix for CVE-2024-12115.

Header set X-Frame-Options "SAMEORIGIN"
Header set Content-Security-Policy "frame-ancestors 'self'"

🧯 If You Can't Patch

  • Set a SameSite attribute on the WordPress auth cookies. WordPress core does not set one by default, so the browser default applies (Lax in Chromium-based browsers). Lax blocks cross-site POST requests but still sends cookies on top-level GET navigations such as a clicked link, so only SameSite=Strict reliably stops a link-based CSRF; test that Strict does not break legitimate logins before rolling it out.
  • Reject requests for the poll duplication action whose Origin or Referer header does not name your own site, at the web server, reverse proxy or WAF. This is the same check the browser-side SameSite policy approximates and does not depend on the administrator's browser.
  • Educate administrators about phishing risks: while unpatched, links to wp-admin received by e-mail or chat should be treated as suspect.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Poll Maker version. If version is 5.5.4 or lower, system is vulnerable.

Check Version:

wp plugin list --name='poll-maker' --field=version

Verify Fix Applied:

Verify plugin version is 5.5.5 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Several poll duplication events attributed to one administrator session in a short window, especially copies of polls the administrator did not intend to duplicate
  • Requests to /wp-admin/admin-ajax.php carrying action=duplicate_poll (the action name used on this page). Note that admin-ajax calls normally put the action in the POST body, which a standard access log does not record; if the action appears only in the body you need application-level logging, or a WAF or reverse proxy that logs request bodies, to see it.

Network Indicators:

  • Requests to the poll duplication endpoint whose Origin or Referer header names a host other than the site itself, or that carry no Referer at all (a legitimate admin-ajax call from wp-admin always sends one)
  • The source IP and User-Agent belong to the victim administrator, not the attacker, because the forged request is issued by the administrator's own browser; group by referer rather than by client to find the page that delivered the attack

SIEM Query:

source="wordpress.log" AND "action=duplicate_poll" AND status=200 | stats count by src_ip, referer, user_agent

Field names are illustrative; map referer to whatever your log source calls the Referer header.
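The Referer-mismatch and burst indicators above, applied to access-log lines, as an added example that is not part of the original advisory or of the Poll Maker plugin. It assumes the site host is example.test, that the logs are in Apache/Nginx "combined" format, and that the duplicate action is visible in the query string under the name this page quotes (action=duplicate_poll); if the action travels only in the POST body the parser cannot see it, as noted above. The sample log lines are constructed for the demonstration.

```python
"""Flag poll-duplication requests that look forged (CSRF) in web server access logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the advisory): the protected site's host and a
# "combined" log format. The action name is the one this page's detection
# section quotes; confirm it against the plugin before relying on it.
SITE_HOST = "example.test"
TARGET_ACTION = "duplicate_poll"
BURST_WINDOW = timedelta(minutes=5)   # window for "several duplications in a short time"
BURST_THRESHOLD = 3                   # events inside the window that count as a burst

# ip - user [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def is_duplicate_request(rec):
    """True when the request hits admin-ajax.php with the duplicate action in the query string."""
    return (rec["path"].endswith("/wp-admin/admin-ajax.php")
            and rec["query"].get("action", [None])[0] == TARGET_ACTION)


def referer_host(rec):
    """Host part of the Referer header, or '' when the header is absent ('-' in combined logs)."""
    ref = rec["referer"]
    if ref in ("", "-"):
        return ""
    return (urlsplit(ref).hostname or "").lower()


def classify(rec):
    """Return a reason string if the request looks cross-site, else None."""
    host = referer_host(rec)
    if host == "":
        return "no referer on admin action"   # wp-admin pages always send one to admin-ajax
    if host != SITE_HOST:
        return "cross-site referer " + host   # the page that delivered the forged request
    return None


def analyze(lines):
    """Return (alerts, bursts): per-request CSRF indicators and per-IP burst counts.

    Alerts are (time, client_ip, reason). The client IP is the victim's, so bursts
    are keyed by it only to show the 'many duplications in a short window' signal.
    """
    alerts = []
    events_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200 or not is_duplicate_request(rec):
            continue
        reason = classify(rec)
        if reason:
            alerts.append((rec["time"], rec["ip"], reason))
        events_by_ip[rec["ip"]].append(rec["time"])
    bursts = {}
    for ip, times in events_by_ip.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= BURST_WINDOW)
            if n >= BURST_THRESHOLD:
                bursts[ip] = n
                break
    return alerts, bursts


# Constructed sample: one legitimate duplication from wp-admin, then three forged
# ones from the same administrator's browser (same IP and UA), plus unrelated noise.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Jan/2025:09:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=duplicate_poll&id=7 HTTP/1.1" 200 512 "https://example.test/wp-admin/admin.php?page=poll-maker" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Jan/2025:09:05:30 +0000] "GET /wp-admin/admin-ajax.php?action=duplicate_poll&id=7 HTTP/1.1" 200 512 "https://attacker.invalid/win-a-prize.html" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Jan/2025:09:05:31 +0000] "GET /wp-admin/admin-ajax.php?action=duplicate_poll&id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Jan/2025:09:05:32 +0000] "GET /wp-admin/admin-ajax.php?action=duplicate_poll&id=8 HTTP/1.1" 200 512 "https://attacker.invalid/win-a-prize.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:09:06:00 +0000] "GET /wp-content/uploads/x.png HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    found, burst_ips = analyze(SAMPLE_LOG)
    for when, ip, why in found:
        print(f"{when:%Y-%m-%d %H:%M:%S} {ip} {why}")
    print("bursts:", dict(burst_ips))
```

On the sample the legitimate request from wp-admin is silent, the three forged ones are flagged (two by cross-site Referer, one by a missing Referer), and the administrator's IP shows a burst of three duplications within the window. Note that grouping by IP alone would have lumped the legitimate request in with the forged ones; the Referer is what separates them.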
