CVE-2025-3880

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with...

WordPress plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Poll, Survey & Quiz Maker Plugin...

PT-2025-25644 · WordPress · The Poll

Name of the Vulnerable Software and Affected Versions: The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress versions up to, and including, 19.9.0 Description: The issue is related to a misconfigured capability check on several functions, allowing authenticated attackers with...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the napi RX polling issue When the driver handles napi RX polling requests, the netdev might have been released by the dellink logic triggered by the disconnect operation on the user plane. However, duri...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: memstick: rtsxusbms: Fix slab-use-after-free in rtsxusbmsdrvremove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsxusbmspollcard+0x159/0x20...

CVE-2025-5841

The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-5841

The CVE-2025-5841 entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ACF Onyx Poll plugin, affecting versions up to and including 1.1.9. The root cause is insufficient input sanitization and output escaping in the class parameter, enabling authenticated attackers w...

CVE-2025-5841 ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter

The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-5841 ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter

The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

WordPress plugin ACF Onyx Poll 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress ACF Onyx Poll plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

PT-2025-25375 · WordPress · Acf Onyx Poll

Name of the Vulnerable Software and Affected Versions: ACF Onyx Poll plugin for WordPress versions up to, and including, 1.1.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with...

VulnCheck KEV: CVE-2021-24442

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks...

CVE-2024-6720

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-12115

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicatepoll function. This makes it possible for unauthenticated...

CVE-2024-6496

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack...

CVE-2024-56277

Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through 5.5.5...

CVE-2024-2235

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...

CVE-2024-29818

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Poll Maker & Voting Plugin Team InfoTheme WP Poll Maker allows Stored XSS.This issue affects WP Poll Maker: from n/a through 3.1...

CVE-2024-32821

Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9...

CVE-2024-9462

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...