CVE-2024-13602
📋 TL;DR
The Poll Maker WordPress plugin before version 5.5.4 contains a stored cross-site scripting (XSS) vulnerability in its settings. This allows authenticated administrators to inject malicious scripts that execute when other users view affected pages, even in WordPress multisite setups where unfiltered_html is restricted. Only WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Poll Maker WordPress Plugin
📦 What is this software?
Poll Maker by Ays Pro
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin privileges could inject malicious JavaScript that steals session cookies, redirects users to phishing sites, or performs actions on behalf of authenticated users, potentially leading to full site compromise.
Likely Case
Malicious admin injects tracking scripts or defaces poll pages visible to regular users, damaging site integrity and user trust.
If Mitigated
With proper user access controls and regular plugin updates, impact is limited to minor content manipulation by trusted admins.
🎯 Exploit Status
Exploitation requires admin privileges. Attack involves injecting scripts through plugin settings that persist and execute when users view affected content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.5.4
Vendor Advisory: https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Poll Maker' and check whether the version is below 5.5.4.
4. Click 'Update Now' if available, or download version 5.5.4+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Remove vulnerable plugin
Temporarily disable or remove the Poll Maker plugin until patched
wp plugin deactivate poll-maker
wp plugin delete poll-maker
Restrict admin access
Limit admin privileges to trusted users only and implement role-based access controls
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact
- Use web application firewall (WAF) rules to block XSS payloads in plugin settings
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Poll Maker version. If the version is below 5.5.4, the system is vulnerable.
Check Version:
wp plugin get poll-maker --field=version
Verify Fix Applied:
After update, confirm Poll Maker version shows 5.5.4 or higher in WordPress plugins list.
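As an added example, not taken from the advisory: a POSIX shell check that compares the installed Poll Maker version with the fixed release numerically, field by field, so that a later version such as 5.10.0 is not mistaken for one below 5.5.4 (a plain string comparison gets that wrong). Calling `poll_maker_vulnerable` with no argument reads the version through the wp-cli command above; the function and variable names are my own and are assumptions, not part of the plugin or the advisory.

```shell
#!/bin/sh
# Added example: numeric version check for the Poll Maker fix (5.5.4).
# Function and variable names are assumptions, not part of the advisory.

POLL_MAKER_FIXED_VERSION="5.5.4"

# field VERSION N: print the N-th dot-separated component of VERSION as a
# number. Missing components count as 0 and a non-digit suffix such as
# "4-rc1" is dropped. Padding with dots guarantees at least 3 fields.
field() {
    f=$(printf '%s...' "$1" | cut -d. -f"$2")
    f=${f%%[!0-9]*}
    printf '%s' "${f:-0}"
}

# version_lt A B: exit 0 if A is strictly older than B, 1 otherwise.
# Major, minor and patch are compared as integers, so 5.10.0 > 5.5.4.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(field "$1" "$i")
        y=$(field "$2" "$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1   # all three components are equal: not older
}

# poll_maker_vulnerable [VERSION]: exit 0 if VERSION (or, when omitted, the
# version wp-cli reports for this site) is below the fixed release.
poll_maker_vulnerable() {
    ver="${1:-$(wp plugin get poll-maker --field=version)}"
    version_lt "$ver" "$POLL_MAKER_FIXED_VERSION"
}

# Usage on a site:  if poll_maker_vulnerable; then echo "update Poll Maker"; fi
```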
📡 Detection & Monitoring
Log Indicators:
- Unusual admin activity modifying poll settings
- JavaScript payloads in plugin configuration data
Network Indicators:
- Suspicious outbound connections from poll pages to external domains
SIEM Query:
source="wordpress" AND ((event="plugin_updated" AND plugin_name="poll-maker" AND version<"5.5.4") OR (event="settings_modified" AND plugin="poll-maker"))
Note: the outer parentheses keep both branches scoped to source="wordpress"; without them, AND binds tighter than OR and the settings_modified branch would match any source. In most SIEMs version<"5.5.4" is a lexicographic string comparison, so a later release such as 5.10.0 would also match; use a version-aware comparison where the platform offers one.