CVE-2024-9022

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in the TS Poll WordPress plugin allows authenticated attackers with Administrator-level access to execute arbitrary SQL queries. Attackers can extract sensitive information from the database, including user credentials and other confidential data. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • TS Poll – Survey, Versus Poll, Image Poll, Video Poll WordPress plugin
Versions: All versions up to and including 2.3.9
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated Administrator-level access to exploit

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.

🟠 Likely Case: Extraction of sensitive data including user information, passwords, and other confidential database contents.

🟢 If Mitigated: Limited impact if proper access controls and input validation are in place, though SQL injection would still be possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires Administrator credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.0 or later

Vendor Advisory: https://total-soft.com/wp-poll/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'TS Poll' plugin
4. Click 'Update Now' if update is available
5. Alternatively, download version 2.4.0 or later from the WordPress plugin repository and update manually

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all)

Temporarily disable the TS Poll plugin until patched:

wp plugin deactivate poll-wp

Web Application Firewall rule (applies to: all)

Block SQL injection attempts targeting the orderby parameter.

🧯 If You Can't Patch

  • Remove Administrator access from untrusted users
  • Implement strict input validation and parameterized queries at the application level

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for a TS Poll version ≤ 2.3.9

Check Version:

wp plugin get poll-wp --field=version

Verify Fix Applied:

Verify plugin version is 2.4.0 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by successful Administrator login
  • Suspicious orderby parameter values in web server logs

Network Indicators:

  • SQL injection patterns in HTTP requests to poll-related endpoints

SIEM Query:

source="web_server" AND ("orderby" AND ("UNION" OR "SELECT" OR "FROM" OR "WHERE"))
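The log indicators and SIEM logic above, written out as a small Python checker over constructed access-log lines (an added example, not part of the original advisory): it pulls the orderby query parameter from requests to poll-related paths, decodes it, and flags values that are not a bare column name or that carry SQL keywords. The log format, request paths and the notion of a "safe" sort key are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumed combined-style access log; only the quoted request line is parsed.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Keywords from the advisory's SIEM query plus common time-based probes.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|FROM|WHERE|SLEEP|BENCHMARK)\b", re.IGNORECASE)
# Assumed shape of a legitimate sort key: one identifier, optional ASC/DESC.
SAFE_ORDERBY = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\s+(ASC|DESC))?$", re.IGNORECASE)

def orderby_values(line):
    """Return decoded orderby values from a poll-related request, or [] if none."""
    m = LOG_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if "poll" not in parts.path.lower() and "poll" not in parts.query.lower():
        return []
    raw = parse_qs(parts.query, keep_blank_values=True).get("orderby", [])
    # parse_qs decodes once; a second decode exposes double-encoded values.
    return [unquote_plus(v) for v in raw]

def is_suspicious(value):
    """True when an orderby value carries SQL syntax instead of a plain column name."""
    if SAFE_ORDERBY.match(value):
        return False
    return bool(SQL_KEYWORDS.search(value)) or any(c in value for c in "'\";()-/#")

def scan(lines):
    """Yield (line_number, value) for every suspicious orderby value found."""
    for n, line in enumerate(lines, 1):
        for v in orderby_values(line):
            if is_suspicious(v):
                yield n, v

# Constructed sample lines (not real traffic); paths are assumptions.
SAMPLE = [
    '10.0.0.5 - - [01/Oct/2024:10:00:01 +0000] "GET /wp-admin/admin.php?page=poll&orderby=title HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Oct/2024:10:00:07 +0000] "GET /wp-admin/admin.php?page=poll&orderby=id%20UNION%20SELECT HTTP/1.1" 200 4096',
    '10.0.0.9 - - [01/Oct/2024:10:00:09 +0000] "GET /wp-admin/admin.php?page=other&orderby=UNION HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, v in scan(SAMPLE):
        print(f"line {n}: suspicious orderby={v!r}")
```

Only the second sample line is reported; the third is ignored because it does not touch a poll-related endpoint, which keeps the check narrower than the bare keyword match in the SIEM query.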
