Total Poll Lite
Monthly
TotalSuite Total Poll Lite plugin for WordPress versions up to 4.12.0 allows authenticated users to bypass access controls and modify poll data due to missing authorization checks on administrative functions. An authenticated attacker with low privileges can exploit incorrectly configured access control security levels to read, modify, or delete poll content without proper authorization, achieving a CVSS score of 6.3 with low exploitation probability (EPSS 0.02%).
Total Poll Lite, a WordPress plugin, contains an improper code injection vulnerability (CWE-94) that allows remote code inclusion and execution. All versions up to and including 4.12.0 are affected. An attacker can exploit this vulnerability to achieve remote code execution (RCE) on WordPress installations running the vulnerable plugin, potentially gaining full control of the affected web application.
TotalSuite Total Poll Lite plugin for WordPress versions up to 4.12.0 allows authenticated users to bypass access controls and modify poll data due to missing authorization checks on administrative functions. An authenticated attacker with low privileges can exploit incorrectly configured access control security levels to read, modify, or delete poll content without proper authorization, achieving a CVSS score of 6.3 with low exploitation probability (EPSS 0.02%).
Total Poll Lite, a WordPress plugin, contains an improper code injection vulnerability (CWE-94) that allows remote code inclusion and execution. All versions up to and including 4.12.0 are affected. An attacker can exploit this vulnerability to achieve remote code execution (RCE) on WordPress installations running the vulnerable plugin, potentially gaining full control of the affected web application.