### [CVE-2021-24651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24651)
![](https://img.shields.io/static/v1?label=Product&message=Poll%20Maker&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.4.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203%20Observable%20Discrepancy&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brightgreen)

### Description

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.

### POC

#### Reference
- https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1

#### Github
- https://github.com/20142995/nuclei-templates