lesterchan / wp-polls

Adds an AJAX poll system to your WordPress blog. You can also easily add a poll into your WordPress's blog post/page.
https://wordpress.org/plugins/wp-polls/

preventing cross site voting & validating answers [Updated] #81

Closed ghost closed 7 years ago

ghost commented 7 years ago

There is a current flaw in wp-polls that allows people to embed the following into a page: http://example.com/wp-admin/admin-ajax.php?action=polls&view=process&poll_id=POLLID&poll_POLLID=ANSWER&poll_POLLID_nonce=POLLNONCE
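
A defender-side check for the pattern reported above, added here as an example and not part of the original comment or of wp-polls itself: it scans access logs for requests with the quoted vote URL shape whose Referer is a different host. The Combined Log Format layout, the function names, `site_host` and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def vote_params(target):
    """Return the query dict if target has the vote URL shape quoted above, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    q = parse_qs(parts.query)
    if q.get("action") == ["polls"] and q.get("view") == ["process"]:
        return q
    return None

def cross_site_votes(lines, site_host):
    """Return (ip, poll_id, referer_host) for vote requests referred by another site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        q = vote_params(m["target"]) if m else None
        if q is None:
            continue
        if m["referer"] in ("", "-"):
            continue  # no Referer sent: origin unknown, not flagged by this check
        ref_host = (urlsplit(m["referer"]).hostname or "").lower()
        if ref_host != site_host.lower():
            hits.append((m["ip"], q.get("poll_id", ["?"])[0], ref_host))
    return hits

# Constructed log lines for illustration (documentation addresses, made-up values).
VOTE = "/wp-admin/admin-ajax.php?action=polls&view=process&poll_id=3&poll_3=7&poll_3_nonce=abc123"
SAMPLE = [
    f'203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET {VOTE} HTTP/1.1" 200 512 "http://other.example.net/page.html" "Mozilla/5.0"',
    f'198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET {VOTE} HTTP/1.1" 200 512 "http://example.com/some-post/" "Mozilla/5.0"',
    f'198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET {VOTE} HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "http://other.example.net/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in cross_site_votes(SAMPLE, "example.com"):
        print(hit)
```

Browsers can omit the Referer header, so a clean result from this check does not rule out cross-site votes; it is a triage signal for poll results that look skewed.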