Lucene search
K

107 matches found

Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.2 views

CVE-2025-49044 WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through = 1.1.1...

7.1CVSS5.9AI score0.00118EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/14 7:31 a.m.4 views

WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by TAKERU OTSUKA Patchstack Alliance in WordPress Plugin Simple Poll versions = 1.1.1...

7.1CVSS6AI score0.00118EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/17 12:15 p.m.2 views

CVE-2025-3880

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00241EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/15 2:16 a.m.6 views

CVE-2025-5841

The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

6.4CVSS5.7AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.8 views

CVE-2024-6720

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.8AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.9 views

CVE-2024-8625

The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

7.2CVSS7.6AI score0.02277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:21 a.m.5 views

CVE-2023-34013

Server-Side Request Forgery SSRF vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2...

7.5CVSS7.8AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.7 views

CVE-2021-24834

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is...

5.4CVSS6.4AI score0.01483EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.10 views

CVE-2021-24454

In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. Th...

6.1CVSS5.6AI score0.01599EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.7 views

CVE-2021-24833

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to...

5.4CVSS6.4AI score0.01092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 a.m.9 views

CVE-2019-9914

The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls=view-votes pollid XSS...

6.1CVSS7.1AI score0.01656EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:17 a.m.17 views

CVE-2013-1401

Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll...

9.8CVSS7.3AI score0.04973EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.15 views

CVE-2013-1400

Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or pollid parameter in a viewPollResults or userlogs action...

9.8CVSS8.8AI score0.03177EPSS
Exploits3References1
CVE
CVE
added 2025/04/15 1:44 a.m.64 views

CVE-2025-3470

CVE-2025-3470 describes an authenticated SQL Injection in the WordPress plugin TS Poll – Survey, Versus Poll, Image Poll, Video Poll, affecting versions up to and including 2.4.6. The root cause is insufficient escaping of the user-supplied s parameter and inadequate preparation in the existing S...

4.9CVSS5.3AI score0.00363EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.4 views

WordPress plugin TS Poll SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

4.9CVSS6.7AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.3 views

WordPress plugin CBX Poll 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS8.6AI score0.00674EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/30 5:22 p.m.3 views

WordPress WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin <= 1.7.5 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin WordPress Survey & Poll versions = 1.7.5...

6.5CVSS8.1AI score0.00335EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.4 views

WordPress plugin TS Poll 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS7.7AI score0.02277EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.4 views

WordPress plugin TS Poll SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.2CVSS7.2AI score0.00927EPSS
Exploits1References6
Patchstack
Patchstack
added 2024/10/09 3:30 p.m.4 views

WordPress TS Poll plugin <= 2.3.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter vulnerability

Authenticated Administrator+ SQL Injection via orderby Parameter vulnerability discovered by WordFence in WordPress Plugin TS Poll versions = 2.4.0...

7.2CVSS8.1AI score0.00927EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder