CVE-2024-24874
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into web pages using the CP Polls WordPress plugin. When exploited, it can lead to cross-site scripting (XSS) attacks that steal user sessions or deface websites. All WordPress sites using CP Polls versions up to 1.0.71 are affected.
💻 Affected Systems
- WordPress CP Polls plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, or redirect visitors to malicious sites.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, perform actions as authenticated users, or deface poll pages.
If Mitigated
With proper input validation and output encoding, the impact is limited to minor content manipulation without privilege escalation.
🎯 Exploit Status
Basic XSS vulnerabilities are commonly weaponized in automated attacks against WordPress sites.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.72 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-content-injection-vulnerability
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find 'Polls CP' plugin. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 1.0.72+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Disable CP Polls Plugin
allTemporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate cp-polls
Implement WAF Rules
allAdd web application firewall rules to block XSS payloads targeting poll parameters.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources.
- Use WordPress security plugins with XSS protection features and monitor for suspicious poll submissions.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for CP Polls version. If version is 1.0.71 or lower, you are vulnerable.Check Version:
wp plugin get cp-polls --field=versionVerify Fix Applied:
After updating, verify CP Polls plugin version shows 1.0.72 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to poll submission endpoints with script tags in parameters
- Multiple failed poll submissions with JavaScript payloads
Network Indicators:
- HTTP requests containing <script> tags in poll-related parameters
- Unusual traffic patterns to /wp-content/plugins/cp-polls/ endpoints
SIEM Query:
source="wordpress.log" AND ("cp-polls" OR "poll") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")