Yop-Poll: >> Yop Poll >> 6.4.0 Security Vulnerabilities
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-14
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-08-01