6 matches found
CVE-2026-9014 WP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX Action
The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...
EUVD-2026-32086
The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...
CVE-2016-10936
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
CVE-2016-10936
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
Design/Logic Flaw
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
CVE-2016-10936
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...