107 matches found

Patchstack
added 2024/10/09 12:0 a.m. · 15 views

WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection

Software: Responsive Poll; Type: Plugin; Vulnerable versions: <= 2.3.9; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-9022; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 2e687784b00a; Credits: WordFence; Required privilege: Administrator; Published...

CVSS 7.2 · AI score 7.2 · EPSS 0.02277
Exploits 2 · References 4 · Affected Software 1

CNNVD
added 2024/08/06 12:0 a.m. · 2 views

WordPress plugin Light Poll Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 6.6 · EPSS 0.00213
Exploits 0 · References 2

OSV
added 2024/08/01 6:15 a.m. · 2 views

CVE-2024-6496

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

OSV
added 2023/11/14 7:15 a.m. · 2 views

CVE-2023-6109

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

CVSS 3.7 · AI score 5.8 · EPSS 0.00376
Exploits 0 · References 2

Prion
added 2023/11/14 7:15 a.m. · 21 views

Race condition

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

CVSS 2.6 · AI score 6.9 · EPSS 0.00376
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/11/14 6:39 a.m. · 7 views

CVE-2023-6109 YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...

CVSS 5.3 · AI score 6.6 · EPSS 0.00376
Exploits 0 · References 2

Positive Technologies
added 2023/11/13 12:0 a.m. · 2 views

PT-2023-32522 · WordPress · Yop Poll

Name of the Vulnerable Software and Affected Versions: YOP Poll plugin for WordPress versions up to, and including, 6.5.26 Description: The issue is due to a race condition caused by improper restrictions on the add function. This allows unauthenticated attackers to place multiple votes on a sing...

CVSS 5.3 · AI score 5.3 · EPSS 0.00376
Exploits 0 · References 7

BDU FSTEC
added 2023/01/04 12:0 a.m. · 4 views

The vulnerability of the Admin preview module of the YOP Poll plugin in the WordPress content management system allows a hacker to compromise the privacy and integrity of the protected information.

The vulnerability of the Admin preview module of the YOP Poll plugin in the WordPress content management system exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the...

CVSS 5.4 · AI score 5.9 · EPSS 0.01092
Exploits 0 · References 4 · Affected Software 2

Vulnrichment
added 2022/09/06 5:18 p.m. · 5 views

CVE-2022-34656 WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress...

CVSS 4.8 · AI score 4.9 · EPSS 0.00432
Exploits 0 · References 2

Positive Technologies
added 2022/08/01 12:0 a.m. · 3 views

PT-2022-13997 · WordPress · Yop Poll

Name of the Vulnerable Software and Affected Versions: YOP Poll WordPress plugin versions prior to 6.4.3 Description: The issue allows bypassing IP-based limitations to vote in certain situations due to the plugin prioritizing getting a visitor's IP from certain HTTP headers over PHP's REMOTE ADD...

CVSS 5.3 · AI score 5.2 · EPSS 0.00638
Exploits 1 · References 4

CNVD
added 2022/03/09 12:0 a.m. · 29 views

WordPress YOP Poll Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress YOP Poll Plugin versions prior to 6.3.5, which stems...

CVSS 5.4 · AI score 5.3 · EPSS 0.00595
Exploits 2 · References 1

OSV
added 2021/10/25 2:15 p.m. · 3 views

CVE-2021-24885

The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 2

CNVD
added 2021/10/24 12:0 a.m. · 16 views

WordPress YOP Poll Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress YOP Poll Plugin, which stems from a lack of...

CVSS 5.4 · AI score 0.9 · EPSS 0.01092
Exploits 0 · References 1

CNNVD
added 2021/10/18 12:0 a.m. · 4 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress YOP Poll Plugin, which stems from a lack of...

CVSS 5.4 · AI score 5.6 · EPSS 0.01092
Exploits 0 · References 5

Patchstack
added 2021/10/15 12:0 a.m. · 16 views

WordPress YOP Poll plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability via Preview Module

Stored Cross-Site Scripting (XSS) vulnerability via Preview Module discovered by Vishnupriya Ilango in WordPress YOP Poll plugin (versions <= 6.3.0). Solution: Update the WordPress YOP Poll plugin to the latest available version (at least 6.3.1)...

AI score 2.6 · EPSS 0.01092
Exploits 0 · References 3 · Affected Software 1

OSV
added 2021/07/12 8:15 p.m. · 1 views

CVE-2021-24442

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 2

NVD
added 2021/07/12 8:15 p.m. · 12 views

CVE-2021-24442

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks...

CVSS 9.8 · EPSS 0.46921
Exploits 2 · References 2

Patchstack
added 2021/06/17 12:0 a.m. · 25 views

WordPress YOP Poll plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Toby Jackson in WordPress YOP Poll plugin (versions <= 6.2.7). Solution: Update the WordPress YOP Poll plugin to the latest available version (at least 6.2.8)...

CVSS 6.1 · AI score 1.7 · EPSS 0.01599
Exploits 1 · References 3 · Affected Software 1

OSV
added 2020/08/26 2:15 p.m. · 2 views

CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statements passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the target's entire database...

CVSS 7.5 · AI score 7.2 · EPSS 0.02035
Exploits 1 · References 2

NVD
added 2020/08/26 2:15 p.m. · 11 views

CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statements passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the target's entire database...

CVSS 7.5 · AI score 7.7 · EPSS 0.02035
Exploits 1 · References 2