44 matches found
CVE-2016-10936
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored XSS via Custom Styles vulnerability
Admin+ Stored XSS via Custom Styles vulnerability discovered by Bob Matyas in WordPress Plugin CP Polls versions = 1.0.75...
EUVD-2015-9186
Malware in sbrugna...
EUVD-2016-1927
Malware in sbrugna...
EUVD-2015-9192
Malware in sbrugna...
EUVD-2014-1166
Malware in sbrugna...
EUVD-2022-43448
Malicious code in bioql PyPI...
CVE-2015-9346
The cp-polls plugin before 1.0.5 for WordPress has XSS...
CVE-2014-10395
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list...
CVE-2015-9352
The wp-polls plugin before 2.72 for WordPress has SQL injection...
CVE-2024-8854
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...
WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Modern Polls versions = 1.0.10...
CVE-2025-46466 WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through = 1.0.10...
CVE-2024-13426
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426
CVE-2024-13426 concerns the WordPress WP-Polls plugin up to version 2.77.2. The issue is an unauthenticated SQL Injection via COOKIE caused by insufficient escaping and inadequate query preparation, allowing an attacker to append additional SQL; the description notes a payload could also inject m...
PT-2025-2167 · WordPress · Wp-Polls
Name of the Vulnerable Software and Affected Versions: WP-Polls plugin for WordPress versions up to, and including, 2.77.2 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for...
WordPress WP-Polls plugin <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting vulnerability
Unauthenticated SQL Injection to Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin WP-Polls versions = 2.77.2...
WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Popup Surveys & Polls for WordPress Mare.io versions = 1.36...