TS Poll
CVE-2024-9022
HIGH
CVSS vector (NVD, the primary and only rating source for this CVE): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description (source: CVE.org)
The TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Analysis (AI-generated)
SQL injection in the TS Poll WordPress plugin (versions up to and including 2.4.0) allows authenticated attackers with Administrator-level access to append arbitrary SQL queries via the 'orderby' parameter, enabling extraction of sensitive database contents. Publicly available exploit code exists, though the high-privilege requirement (PR:H) limits practical impact, and the EPSS score of 2.11% (84th percentile) indicates modest but non-trivial exploitation interest. No exploitation in the wild has been identified, and the CVE is not listed in CISA KEV.
Technical Context (AI-generated)
TS Poll is a WordPress plugin by Total Soft (CPE cpe:2.3:a:total-soft:ts_poll) providing survey, versus, image, and video poll functionality. The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), specifically stemming from insufficient escaping of the user-supplied 'orderby' parameter combined with a lack of prepared statement usage in the underlying SQL query construction. Because 'orderby' parameters typically cannot be safely parameterized in standard prepared-statement APIs (they identify column names, not values), the WordPress-recommended pattern is strict allowlisting against known column names - a control evidently absent here, allowing the parameter to be concatenated into the final query string.
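The allowlisting pattern described above, shown as an added illustration in the WordPress $wpdb style; this is not TS Poll's code, and the table, column names and function names are hypothetical:

```php
<?php
// Added illustration, not the plugin's code. Table/column names are
// hypothetical; $wpdb is assumed to be the global WordPress database object.

// Vulnerable pattern: the user-controlled sort column is concatenated into
// the query. ORDER BY identifies a column, not a value, so it cannot be
// bound as a value placeholder; prepare() alone does not help here.
function example_polls_vulnerable( $orderby ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_polls';
    $sql   = "SELECT id, title, created FROM {$table} ORDER BY " . $orderby;
    return $wpdb->get_results( $sql );
}

// Hardened pattern: map the request value onto a fixed allowlist of column
// names and directions, falling back to a safe default for anything else.
// The only user-derived value that still reaches the query as data (the
// LIMIT count) is bound through $wpdb->prepare().
function example_polls_hardened( $orderby, $order = 'DESC', $limit = 20 ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_polls';

    // Strict comparison against known column names; unknown input is
    // replaced, never passed through.
    $allowed_columns = array( 'id', 'title', 'created' );
    $column = in_array( $orderby, $allowed_columns, true ) ? $orderby : 'created';

    // Direction is likewise reduced to one of two literals.
    $order = ( strtoupper( (string) $order ) === 'ASC' ) ? 'ASC' : 'DESC';

    $sql = $wpdb->prepare(
        "SELECT id, title, created FROM {$table} ORDER BY {$column} {$order} LIMIT %d",
        absint( $limit )
    );
    return $wpdb->get_results( $sql );
}
```

On WordPress 6.2 and later, $wpdb->prepare() also accepts a %i identifier placeholder, but it only quotes the name; an allowlist is still needed to restrict which columns may be sorted on.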
Remediation (AI-generated)
Upgrade the TS Poll plugin to a version higher than 2.4.0 once the vendor publishes a patched release; consult the Wordfence advisory and the WordPress.org plugin changelog for the exact fixed version, as no specific patched version is independently confirmed in the available data. If a fixed version is not yet available or cannot be deployed immediately, compensating controls include deactivating and removing the TS Poll plugin entirely (trade-off: loss of poll functionality), restricting WordPress Administrator role assignment to the minimum necessary accounts and enforcing multi-factor authentication on those accounts to raise the bar for the PR:H prerequisite, and deploying a WAF rule (Wordfence, Sucuri, or ModSecurity) to inspect requests to TS Poll admin endpoints for SQL metacharacters in the 'orderby' parameter (trade-off: potential false positives on legitimate sort operations).