CVE-2024-32514
📋 TL;DR
This vulnerability allows authenticated attackers to upload arbitrary files, including malicious scripts, to WordPress sites running the vulnerable WP Poll Maker plugin. Attackers can achieve remote code execution and compromise the entire website. All WordPress sites using WP Poll Maker versions up to 3.4 are affected.
💻 Affected Systems
- WordPress WP Poll Maker plugin by Poll Maker & Voting Plugin Team (InfoTheme)
📦 What is this software?
WP Poll Maker by InfoTheme
⚠️ Risk & Real-World Impact
Worst Case
Complete website takeover, data theft, malware distribution, and server compromise leading to lateral movement within the network.
Likely Case
Website defacement, backdoor installation, credential theft, and use as a malware distribution platform.
If Mitigated
Limited impact if file uploads are restricted via web application firewall or server-side controls.
🎯 Exploit Status
Exploitation requires authenticated access but is trivial once authenticated. Public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-4-authenticated-arbitrary-file-upload-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WP Poll Maker and click 'Update Now'.
4. Verify the version is 3.5 or higher.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the WP Poll Maker plugin until patching is possible.
wp plugin deactivate wp-poll-maker
Restrict file uploads via .htaccess
Block execution of uploaded files in the uploads directory.
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove authenticated user access for all non-administrative roles
- Implement web application firewall rules to block file uploads to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → WP Poll Maker → Version. If version is 3.4 or lower, you are vulnerable.
Check Version:
wp plugin get wp-poll-maker --field=version
Verify Fix Applied:
After updating, verify version shows 3.5 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/wp-poll-maker/
- POST requests to /wp-admin/admin-ajax.php with action=ays_poll_upload_file
Network Indicators:
- Unexpected outbound connections from web server after file uploads
- HTTP requests to known malicious domains from web server
SIEM Query:
source="web_access.log" AND (uri="/wp-admin/admin-ajax.php" AND post_data="action=ays_poll_upload_file")
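The two log indicators above, checked over a few constructed access-log lines. This is an added example, not part of the advisory; it assumes Apache/nginx "combined" log format, and since that format does not record POST bodies, the action parameter is only visible when it appears in the query string (as in the constructed lines) or when request-body logging is enabled. The `ays_poll_upload_file` action name and the uploads path are taken from the indicators listed above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" format; the request field is split into method, target and protocol.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators from the advisory above.
UPLOAD_ACTION = "ays_poll_upload_file"
UPLOAD_DIR = "/wp-content/uploads/wp-poll-maker/"
SCRIPT_EXT = (".php", ".php5", ".php7", ".phtml", ".phar")

# Constructed sample log (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [02/May/2024:10:14:03 +0000] "POST /wp-admin/admin-ajax.php?action=ays_poll_upload_file HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [02/May/2024:10:14:09 +0000] "GET /wp-content/uploads/wp-poll-maker/uploaded.php HTTP/1.1" 200 143 "-" "Mozilla/5.0"
198.51.100.4 - - [02/May/2024:10:15:00 +0000] "GET /wp-content/uploads/wp-poll-maker/logo.png HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.4 - - [02/May/2024:10:15:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return a finding label for one access-log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path = parts.path.lower()
    # Indicator 1: a call to the plugin's upload action via admin-ajax.php.
    if m["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php"):
        if UPLOAD_ACTION in parse_qs(parts.query).get("action", []):
            return "poll-maker-upload-call"
    # Indicator 2: a script being served from the plugin's uploads directory.
    if path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXT):
        return "script-under-poll-maker-uploads"
    return None

def scan(log_text):
    """Return (client ip, label, request target) for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            m = LOG_RE.match(line)
            findings.append((m["ip"], label, m["target"]))
    return findings

if __name__ == "__main__":
    for ip, label, target in scan(SAMPLE_LOG):
        print(f"{label:34} {ip:15} {target}")
```

A hit on the second indicator after a hit on the first from the same client is the sequence to treat as a likely compromise rather than a false positive.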
🔗 References
- https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-4-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve