CVE-2026-25428

Server-Side Request Forgery SSRF vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through = 2.5.5...

PT-2026-20745

Server-Side Request Forgery SSRF vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through = 2.5.5...

CVE-2024-6720

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6720 Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

Design/Logic Flaw

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

Cross site scripting

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to...

Simply Poll 1.4.1 - wp-admin/admin.php question Parameter XSS

The simply-poll WordPress plugin was affected by a wp-admin/admin.php question Parameter XSS security vulnerability...

Simply Poll 1.4.1 - wp-admin/admin.php Poll Manipulation CSRF

The simply-poll WordPress plugin was affected by a wp-admin/admin.php Poll Manipulation CSRF security vulnerability...