WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. SQL injection vulnerability exists in versions prior to WordPress Poll Maker plugin 3.4.2, which stems from the plugin allowing unauthenticated users to perform SQL injection via the ays_finish_Poll AJAX operation. An attacker could use the vulnerability to obtain data such as password hashes.