CVE-2024-8625 Scanner - SQL Injection vulnerability in WordPress TS Poll
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 14 hours
Scan only one: Domain, Subdomain, IPv4
The WordPress TS Poll plugin is widely used by bloggers and website administrators to create interactive polls on their WordPress sites. Developed by Total Soft, it allows users to integrate polls easily into posts and pages. This plugin is popular for its customizable options and ease of integration with existing WordPress themes. However, versions prior to 2.4.0 contain a critical vulnerability that can be exploited. Users generally leverage this plugin to engage with their audience by gaining insights through user votes. The timely updates and compatibility with multiple WordPress versions make it a preferred choice among WordPress users.
The vulnerability is a SQL injection that allows attackers to execute arbitrary SQL commands via unsanitized inputs. SQL injection can lead to unauthorized access to and manipulation of the database, resulting in data theft or loss. The issue arises from improper validation and sanitization of input parameters in certain SQL queries. It requires admin privileges to exploit, significantly raising the risk factor for installations where admin credentials may be compromised. This vulnerability highlights the need for strict input validation and regular updates of plugins.
The technical cause of this SQL injection in the WordPress TS Poll plugin is the lack of input sanitization and escaping on certain parameters used in SQL statements, which lets attackers insert malicious SQL code. The vulnerable request goes to the admin page and carries an orderby parameter whose value is not sanitized. When successfully exploited, it results in the execution of unintended SQL commands that vary with the attacker's objectives. Attackers can perform a simple time-based blind SQL injection by using the SLEEP() function and observing the time delays to confirm the vulnerability.
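To check whether the orderby parameter described above has been abused, an asset owner can review web server access logs. The following is an added example, not code from the scanner or the plugin: it flags wp-admin requests whose orderby value is anything other than a bare column name. The log lines, the `example-poll` page slug and the addresses are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). The page slug, IPs and
# parameter values are placeholders, not taken from the plugin or an incident.
SAMPLE_LOG = """\
203.0.113.7 - admin [10/Oct/2024:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-poll&orderby=title&order=asc HTTP/1.1" 200 5120
203.0.113.7 - admin [10/Oct/2024:10:00:09 +0000] "GET /wp-admin/admin.php?page=example-poll&orderby=id%2Csleep%285%29 HTTP/1.1" 200 5120
198.51.100.4 - - [10/Oct/2024:10:01:00 +0000] "GET /blog/?orderby=date HTTP/1.1" 200 900
203.0.113.9 - admin [10/Oct/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=example-poll&orderby=created_at HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A legitimate sort key is a bare column name: letters, digits, underscore.
SAFE_ORDERBY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def suspicious_orderby(line):
    """Return the decoded orderby value if it is not a bare identifier, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.startswith("/wp-admin/"):
        return None  # only admin-area requests are relevant to this issue
    # parse_qs percent-decodes values, so encoded commas/parentheses are seen.
    for value in parse_qs(url.query, keep_blank_values=True).get("orderby", []):
        if not SAFE_ORDERBY_RE.fullmatch(value):
            return value
    return None


def scan(log_text):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        value = suspicious_orderby(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious orderby={value!r}")
```

Access logs record only the query string, so a value sent in a POST body will not appear here and needs application-level or WAF logging to be seen.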
If exploited, the SQL Injection vulnerability could have several severe effects on the affected WordPress installation. It could lead to unauthorized data access, allowing attackers to read, modify, or delete data within the WordPress database. Additionally, attackers might gain control over WordPress user accounts, inject unauthorized content, or pivot the attack to exploit other vulnerabilities. In the worst cases, it could compromise the entire server hosting the vulnerable plugin. Such vulnerabilities can also lead to reputational damage and financial losses for affected organizations.