CVE-2024-8854
📋 TL;DR
The Polls CP WordPress plugin before version 1.0.77 contains a stored cross-site scripting (XSS) vulnerability in its poll settings. An authenticated administrator can save script content in those settings, and the script executes in the browser of any user who views an affected poll. Because the plugin does not sanitise these fields, the payload is stored even when the unfiltered_html capability is disallowed, which is the default for site administrators on multisite installations, where this makes the issue particularly dangerous.
💻 Affected Systems
- Polls CP WordPress Plugin
📦 What is this software?
Polls CP, a WordPress polling plugin by CodePeople.
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin privileges could inject malicious JavaScript that steals session cookies, redirects users to phishing sites, or performs actions on behalf of authenticated users, potentially leading to full site compromise.
Likely Case
Malicious admin injects JavaScript that executes when users view polls, potentially stealing user sessions or displaying unwanted content.
If Mitigated
With proper user access controls and regular plugin updates, exploitation requires an already-trusted administrator to deliberately attack their own site, so the impact is limited.
🎯 Exploit Status
Exploitation requires admin-level access. The vulnerability is well-documented with proof-of-concept available from security researchers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.77
Vendor Advisory: https://wpscan.com/vulnerability/bffe0f75-33a2-4270-af13-835b8eb65688/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Polls CP' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.0.77 or later from the WordPress plugin repository and replace the existing plugin files.
🔧 Temporary Workarounds
Disable Polls CP Plugin (applies to: all)
Temporarily disable the vulnerable plugin until it is patched:
wp plugin deactivate polls-cp
Restrict Admin Access (applies to: all)
Limit administrator accounts to trusted personnel only.
🧯 If You Can't Patch
- Remove administrator access from untrusted users
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Polls CP version. If version is below 1.0.77, system is vulnerable.
Check Version:
wp plugin get polls-cp --field=version
Verify Fix Applied:
Verify plugin version is 1.0.77 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual poll creation/modification by admin users
- JavaScript payloads in poll content fields
Network Indicators:
- Unexpected JavaScript loading from poll pages
- External script calls from poll content
SIEM Query:
source="wordpress" AND ((event="plugin_update" AND plugin="polls-cp" AND version<"1.0.77") OR (event="poll_modified" AND user_role="administrator"))
Note: the outer parentheses are needed so that the source filter applies to both branches. Most SIEMs evaluate version<"1.0.77" as a string comparison, so a version such as 1.0.9 would not match; normalise the version field numerically where your platform supports it.
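The following is an added example, not part of this advisory or of the Polls CP plugin. It re-implements the SIEM query above in Python over constructed log records so that both branches can be checked on their own: a Polls CP install reporting a version below 1.0.77, compared numerically rather than as a string (which also covers the version check in the "How to Verify" section), and poll modifications by an administrator whose content carries script-like markup. The key="value" log format, the field names `content` and `poll_id`, and the sample lines are assumptions made for this example.

```python
"""Detection helper for CVE-2024-8854 (Polls CP stored XSS).

Added example, not the advisory's or the plugin's own code. The log format
(space-separated key="value" pairs) and the extra fields are assumed here.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Fixed version from the advisory.
PATCHED_VERSION: Tuple[int, ...] = (1, 0, 77)

# Markup that has no business in a poll title, description or option label.
SCRIPT_MARKUP = re.compile(r"<\s*script|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.0.77' into (1, 0, 77); non-numeric suffixes such as '-beta' are dropped."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable_version(version: str) -> bool:
    """Numeric comparison: 1.0.9 is correctly seen as older than 1.0.77."""
    return parse_version(version) < PATCHED_VERSION


def naive_string_check(version: str) -> bool:
    """What a SIEM does with version<"1.0.77" as a string: '1.0.9' is NOT below '1.0.77'."""
    return version < "1.0.77"


def parse_record(line: str) -> Dict[str, str]:
    """Parse one constructed key="value" log line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def find_indicators(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the records that match either branch of the advisory's SIEM query."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("source") != "wordpress":
            continue  # outer filter: only WordPress events are of interest
        if (rec.get("event") == "plugin_update"
                and rec.get("plugin") == "polls-cp"
                and is_vulnerable_version(rec.get("version", "0"))):
            hits.append({"reason": "vulnerable polls-cp version", **rec})
        elif rec.get("event") == "poll_modified" and rec.get("user_role") == "administrator":
            reason = "admin poll modification"
            if SCRIPT_MARKUP.search(rec.get("content", "")):
                reason += " with script-like payload"
            hits.append({"reason": reason, **rec})
    return hits


# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    'source="wordpress" event="plugin_update" plugin="polls-cp" version="1.0.9" user="alice"',
    'source="wordpress" event="plugin_update" plugin="polls-cp" version="1.0.77" user="alice"',
    'source="wordpress" event="poll_modified" poll_id="12" user="bob" user_role="administrator" content="Favourite colour?"',
    'source="wordpress" event="poll_modified" poll_id="13" user="bob" user_role="administrator" content="<script>alert(1)</script>"',
    'source="wordpress" event="poll_modified" poll_id="14" user="carol" user_role="editor" content="Best lunch spot?"',
    'source="nginx" event="poll_modified" user_role="administrator" content="<script>x</script>"',
]

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOG):
        print(hit["reason"], "->", hit.get("version") or hit.get("poll_id"))
```

Running the block flags three records: the 1.0.9 install (which the string comparison in the raw query would miss), the benign admin poll edit (worth reviewing per the "unusual poll modification" indicator), and the admin edit carrying a script tag. The editor's edit and the non-WordPress line are ignored.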