17 matches found
CVE-2016-10936
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
EUVD-2015-9192
Malware in sbrugna...
EUVD-2016-1927
Malware in sbrugna...
EUVD-2022-43448
Malicious code in bioql PyPI...
CVE-2024-13426
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers t...
CVE-2024-13426
CVE-2024-13426 concerns the WordPress WP-Polls plugin up to version 2.77.2. The issue is an unauthenticated SQL Injection via COOKIE caused by insufficient escaping and inadequate query preparation, allowing an attacker to append additional SQL; the description notes a payload could also inject m...
PT-2025-2167 · WordPress · Wp-Polls
Name of the Vulnerable Software and Affected Versions: WP-Polls plugin for WordPress versions up to, and including, 2.77.2 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for...
CVE-2022-1581 WP-Polls < 2.76.0 - IP Validation Bypass
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...
CVE-2022-40130
Auth. subscriber+ Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress...
CVE-2022-40130
The CVE-2022-40130 entry documents a race-condition vulnerability in the WordPress WP-Polls plugin, affecting versions up to and including 2.76.0. The issue allows authenticated users (subscriber+ level) to tamper with poll votes due to improper synchronization. Remediation according to the sourc...
CVE-2016-10936
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
CVE-2015-9352
The wp-polls plugin before 2.72 for WordPress has SQL injection...
Design/Logic Flaw
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option...
SQL injection
The wp-polls plugin before 2.72 for WordPress has SQL injection...
WP Fastest Cache <= 0.8.4.8 - Blind SQL Injection
According to the researcher, for this vulnerability to be present WP-Polls plugin also needs to be installed. PoC...