CVE-2024-3601
📋 TL;DR
The Poll Maker WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to extract email addresses through character-by-character enumeration. This affects all WordPress sites using Poll Maker plugin versions up to 5.1.8. The vulnerability stems from missing capability checks in the ays_poll_create_author function.
💻 Affected Systems
- Poll Maker – Best WordPress Poll Plugin
📦 What is this software?
Poll Maker by Ays Pro
⚠️ Risk & Real-World Impact
Worst Case
Mass email address harvesting leading to targeted phishing campaigns, spam distribution, or credential stuffing attacks against exposed users.
Likely Case
Limited email address extraction from poll participants, potentially exposing user contact information and enabling targeted spam.
If Mitigated
No data exposure if proper access controls are implemented or the vulnerable function is disabled.
🎯 Exploit Status
Exploitation requires simple HTTP requests to enumerate email addresses character by character. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.9
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071296%40poll-maker&new=3071296%40poll-maker&sfp_email=&sfph_mail=
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Poll Maker plugin.
4. Click 'Update Now' if available, or manually update to version 5.1.9+.
5. Verify the update completes successfully.
🔧 Temporary Workarounds
Disable Poll Maker Plugin
Temporarily deactivate the vulnerable plugin until patching is possible
wp plugin deactivate poll-maker
Web Application Firewall Rule
Block requests to the vulnerable ays_poll_create_author function
Add WAF rule to block: /wp-admin/admin-ajax.php?action=ays_poll_create_author (match the action parameter in the POST body as well as the query string, since admin-ajax.php accepts it from either)
🧯 If You Can't Patch
- Implement strict network access controls to limit plugin exposure to trusted IPs only
- Monitor logs for suspicious requests to admin-ajax.php with the ays_poll_create_author action
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Poll Maker version. If the version is 5.1.8 or lower, the site is vulnerable.
Check Version:
wp plugin get poll-maker --field=version
Verify Fix Applied:
Confirm Poll Maker plugin version is 5.1.9 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /wp-admin/admin-ajax.php with action=ays_poll_create_author parameter
- Unusual pattern of requests with incremental character parameters
Network Indicators:
- HTTP traffic to admin-ajax.php endpoint with ays_poll_create_author action from unauthenticated sources
SIEM Query:
source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND query_string="*action=ays_poll_create_author*"
Note: standard web access logs record only the query string, so this query misses requests that carry the action parameter in the POST body; a WAF or request-body log is needed to see those.
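As an added example (not part of this advisory), a small Python script that applies the log indicators above to constructed access-log lines in combined format: it parses each line, keeps requests to /wp-admin/admin-ajax.php whose action parameter is ays_poll_create_author, and flags source IPs that repeat the call, which is the shape the character-by-character enumeration leaves in logs. The sample lines, IP addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined format); not from any real site.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=ays_poll_create_author HTTP/1.1" 200 27 "-" "curl/8.0"
203.0.113.7 - - [10/Apr/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=ays_poll_create_author HTTP/1.1" 200 27 "-" "curl/8.0"
203.0.113.7 - - [10/Apr/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=ays_poll_create_author HTTP/1.1" 200 27 "-" "curl/8.0"
198.51.100.2 - - [10/Apr/2024:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=ays_poll_create_author HTTP/1.1" 200 27 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2024:12:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Apr/2024:12:00:06 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, identity, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
VULN_ACTION = "ays_poll_create_author"
AJAX_PATH = "/wp-admin/admin-ajax.php"

def parse_line(line):
    """Split one access-log line into the fields the detection needs, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    qs = parse_qs(url.query)
    # Only the query string is visible here; an action sent in the POST body is not logged.
    return {"ip": m.group("ip"), "method": m.group("method"), "path": url.path,
            "action": qs.get("action", [None])[0], "status": int(m.group("status"))}

def suspicious_hits(log_text):
    """Count, per client IP, requests to admin-ajax.php naming the vulnerable action."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] == AJAX_PATH and rec["action"] == VULN_ACTION:
            counts[rec["ip"]] += 1
    return counts

def flag_sources(log_text, threshold=3):
    """IPs at or above the threshold: repeated calls match the enumeration pattern."""
    return sorted(ip for ip, n in suspicious_hits(log_text).items() if n >= threshold)

if __name__ == "__main__":
    print(dict(suspicious_hits(SAMPLE_LOG)), flag_sources(SAMPLE_LOG))
```

Tune the threshold to the site's normal traffic; a legitimate poll participant triggers this action rarely, whereas enumeration produces many calls from one source in a short window.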
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071296%40poll-maker&new=3071296%40poll-maker&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fc0505a1-c7c4-4cf1-97cd-123a4dddcea3?source=cve