Platform: wordpress
Component: epoll-wp-voting
Fixed in: 3.1.1
CVE-2024-31240 describes an Arbitrary File Access vulnerability affecting WP Poll Maker, a WordPress plugin. This vulnerability allows attackers to potentially read sensitive files on the server by manipulating file paths. Versions of WP Poll Maker up to and including 3.1 are affected. A patch has been released in version 3.1.1.
The Arbitrary File Access vulnerability allows an attacker to bypass intended security restrictions and access files outside of the intended directory. In the context of WP Poll Maker, this could allow an attacker to read configuration files, database credentials, or other sensitive data stored on the WordPress server. Successful exploitation could lead to data breaches, compromise of the entire WordPress installation, and potential lateral movement within the network if the server has access to other resources. While the vulnerability requires specific file path manipulation, the potential impact is significant due to the sensitive nature of data often stored on web servers.
This vulnerability was publicly disclosed on April 10, 2024. Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The relatively recent disclosure suggests that exploitation is possible but not widespread.
Exploit Status
EPSS: 0.31% (54th percentile)
CVSS Vector
The primary mitigation for CVE-2024-31240 is to immediately upgrade WP Poll Maker to version 3.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Additionally, restrict file permissions on sensitive files and directories to prevent unauthorized access. Regularly review WordPress plugin installations and ensure they are from trusted sources.
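The WAF rule described above can also be run retroactively over access logs to find attempts. The following is an added example, not code from the WP Poll Maker plugin or its vendor: it flags request targets containing a traversal sequence after percent-decoding, so URL-encoded and double-encoded variants are caught too. The log lines, IP addresses and the `file=` parameter are constructed for illustration and do not describe the plugin's actual vulnerable endpoint.

```python
"""Flag directory-traversal attempts in web server access logs (added example)."""
import re
from urllib.parse import unquote

# A ".." component followed by a slash or backslash, checked after decoding.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")

# Apache/nginx combined-style line: ip ident user [time] "method target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded input (%252e%252e%252f) is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(request_target: str) -> bool:
    """True if the path or query string contains '../' (or '..\\') once decoded."""
    return bool(TRAVERSAL_RE.search(decode_fully(request_target)))


def flag_traversal_requests(log_lines):
    """Return (ip, target) for each parseable log line whose target looks like traversal."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits


# Constructed sample log lines; the parameter name and addresses are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example&file=../../wp-config.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Apr/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Apr/2024:12:00:03 +0000] "GET /index.php?p=%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 0',
    '198.51.100.9 - - [10/Apr/2024:12:00:04 +0000] "GET /wp-content/plugins/epoll-wp-voting/assets/style.css HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Apr/2024:12:00:05 +0000] "GET /?s=version..2 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, target in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

Note that a 200 status on a flagged request deserves follow-up even when the WAF rule is in place, since the rule only covers requests made after it was deployed.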
Update the WP Poll Maker plugin to the latest available version. If no fixed version is available, consider disabling or removing the plugin until a corrected version is published. Check the vendor's website for more information and updates.
CVE-2024-31240 is a HIGH severity vulnerability in WP Poll Maker allowing attackers to read files outside of intended directories. It affects versions up to 3.1.
Yes, if you are using WP Poll Maker version 3.1 or earlier, you are vulnerable to this Arbitrary File Access issue.
Upgrade WP Poll Maker to version 3.1.1 or later to resolve the vulnerability. Consider WAF rules as a temporary mitigation.
Currently, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the InfoTheme website and WordPress plugin repository for the official advisory and update information.