Lucene search
+L

429 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 7:26 p.m.10 views

CVE-2008-7046

AJ Square Free Polling Script AJPoll allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...

6.4CVSS7AI score0.02602EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 3:44 a.m.7 views

WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored Cross-Site Scripting vulnerability

Admin+ Stored Cross-Site Scripting vulnerability discovered by Chinmay Vishwas Divekar in WordPress Plugin CP Polls versions = 1.0.75...

5.4CVSS5.7AI score0.00254EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.17 views

CVE-2024-8854

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.11 views

CVE-2024-8851

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:16 p.m.3 views

CVE-2024-8854

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.10 views

CVE-2024-8851

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.4CVSS0.00254EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.14 views

CVE-2024-8854 Polls CP <= 1.0.75 - Admin+ Stored XSS via Custom Styles

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.7AI score0.00254EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.11 views

CVE-2024-8851 Polls CP <= 1.0.75 - Admin+ Stored Cross-Site Scripting

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

5.7AI score0.00254EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.19 views

CVE-2024-8851 Polls CP <= 1.0.75 - Admin+ Stored Cross-Site Scripting

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multi site setup...

0.00254EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.37 views

CVE-2024-8851

The CVE pertains to the WordPress plugin Polls CP, affected versions prior to 1.0.77. The root cause is insufficient sanitisation and escaping of poll settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (notably in multi-s...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21537 · WordPress · Cp-Polls

Name of the Vulnerable Software and Affected Versions: Polls CP WordPress plugin versions prior to 1.0.77 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape...

5.4CVSS5.2AI score0.00254EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.6 views

WordPress plugin Polls CP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21536 · WordPress · Cp-Polls

Name of the Vulnerable Software and Affected Versions: Polls CP WordPress plugin versions prior to 1.0.77 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...

5.4CVSS4.9AI score0.00254EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.6 views

WordPress plugin Polls CP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.4CVSS5.3AI score0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 5:22 p.m.19 views

CVE-2025-46466

Cross-Site Request Forgery CSRF vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through = 1.0.10...

7.1CVSS7.2AI score0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/24 5:3 p.m.5 views

WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Modern Polls versions = 1.0.10...

7.1CVSS7.5AI score0.00139EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/04/24 4:15 p.m.6 views

CVE-2025-46466

Cross-Site Request Forgery CSRF vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through = 1.0.10...

7.1CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:8 p.m.47 views

CVE-2025-46466

CVE-2025-46466 – Modern Polls (WordPress) CSRF to Stored XSS . A CSRF flaw in felixtz Modern Polls ≤1.0.10 can lead to stored XSS as described in the CVE entry. The linked sources confirm affected software (Modern Polls) and the vulnerability class (CSRF enabling Stored XSS) with a high-severity ...

7.1CVSS7.2AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/24 4:8 p.m.17 views

CVE-2025-46466 WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through = 1.0.10...

7.1CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/24 4:8 p.m.7 views

CVE-2025-46466 WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10...

7.1CVSS6.8AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder