429 matches found
CVE-2025-50025
CVE-2025-50025 is a stored Cross-Site Scripting vulnerability in the WordPress plugin CP Polls (codepeople CP Polls). Connected sources confirm the issue affects CP Polls versions 1.0.0 through 1.0.81 and stems from improper input neutralization during web page generation. Remediation advised in ...
CVE-2025-50025 WordPress CP Polls plugin <= 1.0.81 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81...
CVE-2025-50025 WordPress CP Polls plugin <= 1.0.81 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Polls cp-polls allows Stored XSS.This issue affects CP Polls: from n/a through = 1.0.81...
PT-2025-26382 · Codepeople · Cp-Polls
Name of the Vulnerable Software and Affected Versions: codepeople CP Polls versions 1.0.0 through 1.0.81 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
WordPress plugin CP Polls 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress CP Polls plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...
WordPress CP Polls plugin <= 1.0.81 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin CP Polls versions = 1.0.81...
CVE-2024-24874
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through 1.0.71...
CVE-2024-24873
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71...
CVE-2023-43814
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...
CVE-2022-1581
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...
CVE-2021-43793
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse...
CVE-2020-11673
An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wpajaxnopriv function in Includes/Total-Soft-Poll-Ajax.php for sensitive operatio...
CVE-2020-23754
Cross Site Scripting XSS vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...
CVE-2014-125091
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...
CVE-2015-9346
The cp-polls plugin before 1.0.5 for WordPress has XSS...
CVE-2014-10395
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list...
CVE-2015-9352
The wp-polls plugin before 2.72 for WordPress has SQL injection...
CVE-2011-5304
Multiple cross-site scripting XSS vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via 1 the pollid parameter to customizer.php or 2 the customize parameter to poll.php...
CVE-2010-5004
SQL injection vulnerability in searchvote.php in 2daybiz Polls aka Advanced Poll Script allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2010-1081
Directory traversal vulnerability in the Community Polls comcommunitypolls component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php...