Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.17 views

CVE-2024-8854

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:16 p.m.26 views

CVE-2024-8854

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.4CVSS0.00254EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.14 views

CVE-2024-8854 Polls CP <= 1.0.75 - Admin+ Stored XSS via Custom Styles

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.7AI score0.00254EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.32 views

CVE-2024-8854

The CVE-2024-8854 entry concerns the Polls CP WordPress plugin (versions prior to 1.0.77). The vulnerability arises because the plugin does not sanitize and escape certain poll settings, enabling stored cross-site scripting via admin-level actions, even when unfiltered_html is disallowed (e.g., i...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder