CVE-2024-13711

6.1 MEDIUM

📋 TL;DR

The Pollin WordPress plugin has a reflected cross-site scripting vulnerability in all versions up to and including 1.01.1. Unauthenticated attackers can inject malicious scripts via the 'question' parameter, which could steal user credentials or session cookies when victims click specially crafted links. Any WordPress site using the vulnerable Pollin plugin is affected.

💻 Affected Systems

Products:
  • Pollin WordPress Plugin
Versions: All versions up to and including 1.01.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress sites with the Pollin plugin installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, take over the WordPress site, install backdoors, or redirect users to malicious sites.

🟠 Likely Case

Attackers steal user session cookies or credentials through phishing links, potentially compromising individual user accounts.

🟢 If Mitigated

With proper web application firewalls and user awareness training, impact is limited to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) but is trivial to execute once the link is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.01.2 or later

Vendor Advisory: https://wordpress.org/plugins/pollin/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Pollin plugin and click 'Update Now'.
4. Verify the version is 1.01.2 or higher.

🔧 Temporary Workarounds

Disable Pollin Plugin (applies to: all)

Temporarily deactivate the vulnerable plugin until patched:

wp plugin deactivate pollin

Web Application Firewall Rule (applies to: all)

Block requests containing malicious script patterns in the 'question' parameter.

🧯 If You Can't Patch

  • Implement Content Security Policy headers to restrict script execution
  • Educate users about phishing risks and suspicious links

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for Pollin version ≤1.01.1

Check Version:

wp plugin get pollin --field=version

Verify Fix Applied:

Confirm Pollin plugin version is 1.01.2 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with suspicious script tags in 'question' parameter
  • Multiple failed XSS attempts from same IP

Network Indicators:

  • Unusual GET requests with encoded script payloads in query parameters

SIEM Query:

web.url:*question=*<script* OR web.url:*question=*javascript:*
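The log indicators and the SIEM query above match the literal strings `<script` and `javascript:`, so a percent-encoded or double-encoded 'question' value slips past them. The following added example (not part of the advisory) scans constructed access-log lines, URL-decodes the 'question' parameter through several encoding layers before matching the same two indicators, and counts hits per client IP to surface repeated attempts; the log lines, IPs and the `question` parameter name are sample values, with only the parameter name taken from the page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines in combined format (not real traffic).
# The third line is double-URL-encoded, which a literal "*question=*<script*" match misses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "GET /?question=What+is+your+favourite+colour%3F HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2025:10:02:15 +0000] "GET /?question=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
203.0.113.9 - - [10/Jan/2025:10:02:19 +0000] "GET /?question=%253CSCRIPT%253Ealert(2)%253C%252Fscript%253E HTTP/1.1" 200 640
203.0.113.9 - - [10/Jan/2025:10:02:25 +0000] "GET /?question=javascript%3Aalert(3) HTTP/1.1" 200 640
198.51.100.5 - - [10/Jan/2025:10:04:00 +0000] "GET /?question=Is+%3Cb%3Ebold%3C%2Fb%3E+allowed%3F HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# The two indicators from the advisory, matched case-insensitively on the decoded value.
XSS_RE = re.compile(r"<script|javascript:", re.IGNORECASE)
PARAM = "question"  # the vulnerable parameter named in the advisory

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (client_ip, decoded_value) when the 'question' value looks like script, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, path = m.groups()
    # parse_qs already undoes one encoding layer and turns '+' into a space.
    for raw in parse_qs(urlsplit(path).query).get(PARAM, []):
        value = fully_decode(raw)
        if XSS_RE.search(value):
            return ip, value
    return None

def scan_log(text):
    """Return all hits plus a per-IP count, so repeated attempts from one source stand out."""
    hits = [h for h in (scan_line(l) for l in text.splitlines()) if h]
    return hits, Counter(ip for ip, _ in hits)

if __name__ == "__main__":
    hits, per_ip = scan_log(SAMPLE_LOG)
    for ip, value in hits:
        print(f"{ip}\t{value}")
    print("repeat sources:", {ip: n for ip, n in per_ip.items() if n > 1})
```

The benign `<b>` tag in the last sample line is left alone, since only the two indicators from the advisory are matched; extend `XSS_RE` to taste for your own environment.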
