264 matches found
Poll Maker < 3.2.9 - Reflected Cross-Site Scripting
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the /admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8. PoC...
WordPress Poll Maker plugin <= 3.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Xu-Liang Liao in WordPress Poll Maker plugin versions = 3.2.8. Solution Update the WordPress Poll Maker plugin to the latest available version at least 3.2.9...
WordPress Poll Maker plugin <= 3.2.0 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Poll Maker plugin versions = 3.2.0. Solution Update the WordPress Poll Maker plugin to the latest available version at least 3.2.1...
Poll Maker < 3.2.1 - Authenticated Blind SQL Injections
The getpollcategories, getpolls and getreports functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby...