11 matches found
WordPress Light Poll plugin <= 1.0.0 - Polls Deletion via CSRF vulnerability
Polls Deletion via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin Light Poll versions <= 1.0.0...
CVE-2025-65029
Rallly (open‑source scheduling tool) prior to 4.5.4 is affected by an insecure direct object reference (IDOR) in the participant deletion endpoint. The API authenticates only via a participant ID, allowing any authenticated user to delete arbitrary participants from polls without ownership verifi...
EUVD-2025-198221
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The endpoint relies solely on a participant ID to...
CVE-2024-6496
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack...
CVE-2013-1401
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll...
WordPress Light Poll 1.0.0 Cross Site Request Forgery Vulnerability
Exploit Title: Light Poll history.pushState'', '', '/'; document.forms0.submit; Reference: https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/ Exploit Title: Light Poll and are valid: https://example.com/wp-admin/admin.php?page=pollsettings&task=r...
WordPress Light Poll 1.0.0 Cross Site Request Forgery
Exploit Title: Light Poll history.pushState'', '', '/'; document.forms0.submit; Reference: https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/ Exploit Title: Light Poll and are...
CVE-2024-6496
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack...
PT-2024-37670 · WordPress · Light Poll Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Light Poll WordPress plugin versions through 1.0.0 Description: The issue concerns a lack of CSRF checks when deleting polls, which could allow attackers to make logged-in users perform such actions via a CSRF attack. Recommendations: For...
WordPress plugin Light Poll security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2009-4385
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the deletepoll action to index.php; and hijack the authentication of administrators for requests...