CVE-2016-20067

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

CVE-2016-10936

The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...

WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored XSS via Custom Styles vulnerability

Admin+ Stored XSS via Custom Styles vulnerability discovered by Bob Matyas in WordPress Plugin CP Polls versions = 1.0.75...

EUVD-2014-1166

Malware in sbrugna...

EUVD-2015-9186

Malware in sbrugna...

EUVD-2016-1927

Malware in sbrugna...

EUVD-2015-9192

Malware in sbrugna...

EUVD-2022-43448

Malicious code in bioql PyPI...

CVE-2015-9346

The cp-polls plugin before 1.0.5 for WordPress has XSS...

CVE-2014-10395

The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list...

CVE-2015-9352

The wp-polls plugin before 2.72 for WordPress has SQL injection...

CVE-2024-8854

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Modern Polls versions = 1.0.10...

CVE-2025-46466 WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through = 1.0.10...

CVE-2024-13426

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...

CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...

CVE-2024-13426

CVE-2024-13426 concerns the WordPress WP-Polls plugin up to version 2.77.2. The issue is an unauthenticated SQL Injection via COOKIE caused by insufficient escaping and inadequate query preparation, allowing an attacker to append additional SQL; the description notes a payload could also inject m...

CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...

PT-2025-2167 · WordPress · Wp-Polls

Name of the Vulnerable Software and Affected Versions: WP-Polls plugin for WordPress versions up to, and including, 2.77.2 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for...