CVE-2021-24651: 
WordPress vulnerability analysis and mitigation

The Poll Maker WordPress plugin (versions before 3.4.2) was found to contain a security vulnerability identified as CVE-2021-24651. The vulnerability was discovered and publicly disclosed on September 13, 2021. This security flaw affects the Poll Maker plugin for WordPress, specifically impacting all versions prior to 3.4.2 (WPScan).

The vulnerability is classified as an unauthenticated time-based SQL injection that occurs via the ays_finish_poll AJAX action. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 7.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability is categorized under CWE-89 (SQL Injection) and CWE-203 (Observable Discrepancy) (NVD).

While the SQL injection results are not directly disclosed in the response, attackers can utilize timing attacks to exfiltrate sensitive data, including password hashes from the WordPress database. This vulnerability allows unauthorized access to potentially sensitive information stored in the WordPress database (WPScan).

The vulnerability has been patched in version 3.4.2 of the Poll Maker plugin. Users are strongly advised to update their installations to this version or newer to mitigate the risk (WPScan).