CVE-2024-6720

8.8 HIGH

📋 TL;DR

The Light Poll WordPress plugin through version 1.0.0 lacks Cross-Site Request Forgery (CSRF) protection on certain endpoints, allowing attackers to trick authenticated users into performing unintended actions. This affects WordPress sites using the vulnerable plugin version. Attackers could manipulate polls or perform other administrative actions without user consent.

💻 Affected Systems

Products:
  • Light Poll WordPress Plugin
Versions: through 1.0.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the Light Poll plugin enabled and at least one authenticated user (admin or editor) to be targeted.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could manipulate poll results, delete polls, or perform other administrative actions that could compromise data integrity or site functionality, potentially leading to reputational damage.

🟠

Likely Case

Attackers manipulate poll data or perform unauthorized administrative actions within the plugin, affecting poll accuracy and potentially disrupting user engagement.

🟢

If Mitigated

With proper CSRF protections implemented, authenticated users would be protected from unauthorized actions triggered by malicious requests, maintaining poll integrity.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated user into clicking a malicious link or visiting a compromised page. No authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1 or later

Vendor Advisory: https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Light Poll plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Disable Light Poll Plugin

Platforms: all

Temporarily disable the vulnerable plugin until it is patched.

wp plugin deactivate light-poll

Implement CSRF Protection Manually

Platforms: all

Add CSRF tokens (WordPress nonces) to the plugin's forms and request handlers if you have development expertise.
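As an added illustration of the manual workaround above (not code from the Light Poll plugin, whose real endpoints are not shown on this page), a hypothetical admin form and its handler protected with a WordPress nonce plus a capability check; every name prefixed lightpoll_demo_ is assumed:

```php
<?php
// Added example, not Light Poll's own code. All lightpoll_demo_* names are
// hypothetical; the plugin's actual forms and handlers are not on this page.

// 1. Render the form with a nonce bound to one action and one poll id.
function lightpoll_demo_render_delete_form( $poll_id ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="lightpoll_demo_delete_poll">
        <input type="hidden" name="poll_id" value="<?php echo esc_attr( (int) $poll_id ); ?>">
        <?php wp_nonce_field( 'lightpoll_demo_delete_poll_' . (int) $poll_id, 'lightpoll_demo_nonce' ); ?>
        <?php submit_button( 'Delete poll' ); ?>
    </form>
    <?php
}

// 2. Handle the submission: verify the nonce AND the user's capability.
//    A forged cross-site request carries the victim's cookies but cannot
//    carry a valid nonce, so the handler stops before touching any data.
function lightpoll_demo_handle_delete_poll() {
    $poll_id = isset( $_POST['poll_id'] ) ? absint( $_POST['poll_id'] ) : 0;

    // check_admin_referer() validates the nonce (and the referer) and
    // dies with a "link has expired" page when either check fails.
    check_admin_referer( 'lightpoll_demo_delete_poll_' . $poll_id, 'lightpoll_demo_nonce' );

    // Nonces prove intent, not authority: still enforce least privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete polls.' ), '', array( 'response' => 403 ) );
    }

    // Hypothetical storage call standing in for the plugin's own deletion.
    delete_option( 'lightpoll_demo_poll_' . $poll_id );

    wp_safe_redirect( add_query_arg( 'deleted', $poll_id, admin_url( 'admin.php?page=lightpoll-demo' ) ) );
    exit;
}

// admin_post_{action} only fires for logged-in users; no admin_post_nopriv_
// hook is registered, so anonymous requests never reach the handler.
add_action( 'admin_post_lightpoll_demo_delete_poll', 'lightpoll_demo_handle_delete_poll' );
```

For handlers reached through admin-ajax.php the same pattern applies with check_ajax_referer() in place of check_admin_referer(), returning wp_send_json_error() on failure.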

🧯 If You Can't Patch

  • Disable the Light Poll plugin completely to eliminate risk.
  • Restrict admin access to trusted networks only and implement strong user awareness training about phishing.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Light Poll version. If version is 1.0.0 or earlier, it is vulnerable.

Check Version:

wp plugin get light-poll --field=version

Verify Fix Applied:

After update, verify Light Poll plugin version is 1.0.1 or later in WordPress admin plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual poll modifications from unexpected IP addresses
  • Multiple failed CSRF token validations in WordPress debug logs

Network Indicators:

  • HTTP POST requests to Light Poll admin endpoints without referrer headers or CSRF tokens

SIEM Query:

source="wordpress.log" AND "light-poll" AND ("POST" OR "admin-ajax.php")

🔗 References
