16 matches found
CVE-2014-4856
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...
EUVD-2014-4775
Malware in sbrugna...
WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Nosa "apapedulimu" Shandy (Patchstack Alliance) in the WordPress Crowdsignal Dashboard plugin versions <= 3.0.9. Solution: Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version (at least 3.0.10)...
Automattic: Stored XSS Using Media
Hi, Summary: This exploits an XSS vulnerability on polldaddy.com Steps to Reproduce: 1. Create a multiple-choice question quiz on Polldaddy 2. Insert stored XSS payload into Media Embed such that it matches the shortcode format Payload: 3. When someone goes on the quiz page through the quiz share...
Automattic: xss filter bypass [polldaddy]
Hi, previously reported xss https://hackerone.com/reports/107405 which is fixed, but I am able to bypass that fix. Payload for bypass : Click Here Steps: - Login into Polldaddy account polldaddy.com - go to POLLS and create new poll - in answers. enter xss payload Click Here F217173 - Save it - g...
Polldaddy Polls & Ratings <= 2.0.31 - Shortcode Stored Cross-Site Scripting (XSS)
Similar issue to the one in Jetpack's Polldaddy module...
WordPress Polldaddy Polls & Ratings Plugin <= 2.0.20 - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability. Solution: Upgrade the plugin...
WordPress Polldaddy Polls & Ratings Plugin <= 2.0.23 - Reflected XSS
This plugin is prone to a reflected cross site scripting vulnerability in the polldaddy-org.php polldaddy-ratings-title-filter parameter. Solution: Upgrade the plugin...
Polldaddy Polls & Rating 2.0.24 - polldaddy-org.php unique_id Ratings Shortcode XSS
The Crowdsignal Polls & Ratings WordPress plugin was affected by a polldaddy-org.php unique_id Ratings Shortcode XSS security vulnerability...
Polldaddy Polls & Rating 2.0.23 - polldaddy-org.php polldaddy-ratings-title-filter Parameter Reflected XSS
The Crowdsignal Polls & Ratings WordPress plugin was affected by a polldaddy-org.php polldaddy-ratings-title-filter Parameter Reflected XSS security vulnerability...
CVE-2014-4856
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...
CVE-2014-4856
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...
CVE-2014-4856
Polldaddy Polls & Ratings WordPress plugin vulnerability CVE-2014-4856 concerns an XSS flaw in versions prior to 2.0.25 triggered via the ratings shortcode and a unique_id parameter. The issue allows remote attackers to inject arbitrary script/HTML. Affected product: Polldaddy Polls & Ratings plu...
WordPress Polldaddy Polls & Ratings Plugin <= 2.0.24 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. Solution: Update the plugin...
Automattic: https://polldaddy.com storage.swf XSS
Hi, I found a flash based XSS located here : https://polldaddy.com/swf/storage.swf?onload=alert1 It happens in the ExternalInterface.Call Function, when a parameter is inserted unfiltered it will allow XSS, you can patch it by only allowing : A-Z a-z 0-9 Best regards, Olivier Beg...