20 matches found
CVE-2023-34013
CVE-2023-34013 affects Poll Maker – Best WordPress Poll Plugin (versions
CVE-2023-45766
CVE-2023-45766 is a WordPress Poll Maker plugin vulnerability (≤ 4.7.1) due to missing authorization checks that could allow an unauthenticated user to access or manipulate data. Root cause: broken access control in the plugin’s poll-related functionality. A fixed version, Poll Maker 4.7.2, exist...
CVE-2022-1456
CVE-2022-1456 affects the Poll Maker WordPress plugin prior to 4.0.2. The vulnerability arises because the plugin does not sanitize and escape certain settings, enabling a stored Cross-Site Scripting (XSS) attack by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Impa...
CVE-2025-26971
CVE-2025-26971 is an Authenticated SQL Injection in the Poll Maker WordPress plugin. Affected: Poll Maker versions 5.6.5 and earlier. Root cause: improper neutralization of input in an SQL command. Impact: potential unauthorized data access/ manipulation (high severity per CVSS metrics in the ent...
CVE-2024-3600
CVE-2024-3600 affects the Poll Maker – Best WordPress Poll Plugin for WordPress. According to Red Hat and corroborated by Wordfence sources, it enables Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action and insufficient escaping/sanitizatio...
CVE-2024-3601
The CVE-2024-3601 entry for Poll Maker – Best WordPress Poll Plugin (up to v5.1.8) has concrete details in connected docs: a missing capability check in the ays_poll_create_author function allows unauthenticated attackers to enumerate email addresses. Impact is unauthorized data access; attack is...
CVE-2021-24651
CVE-2021-24651 affects the WordPress Poll Maker plugin prior to 3.4.2. The vulnerability is an unauthenticated, time-based SQL injection via the ays_finish_poll AJAX action. The impact described in connected sources includes the ability to exfiltrate data such as password hashes through timing-ba...
CVE-2023-50904
CVE-2023-50904: A Missing Authorization vulnerability in WordPress Poll Maker (up to version 4.8.0) arises from incorrectly configured access control. Exploitation could allow unauthorized actions due to insufficient authorization checks. Public advisories in multiple sources confirm the issue an...
CVE-2024-9874
CVE-2024-9874 affects the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls. Connected sources confirm a time-based SQL Injection via the orderby parameter in all versions up to 5.4.6, caused by insufficient escaping and lack of proper preparation of the SQL query. Exploita...
CVE-2025-47545
CVE-2025-47545 relates to a race condition in the WordPress plugin Poll Maker. Affected software: Poll Maker versions n/a through 5.7.7. Root cause per sources: Concurrent execution using a shared resource with improper synchronization. Documented impact aligns with race conditions (no concrete e...
CVE-2021-34635
Summary of CVE-2021-34635 (Poll Maker WordPress plugin) : The vulnerability is a reflected Cross-Site Scripting (XSS) flaw in the Poll Maker plugin, triggered through the mcount parameter in the file ~/admin/partials/settings/poll-maker-settings.php. Affected versions are up to and including 3.2....
CVE-2024-13602
CVE-2024-13602 concerns the Poll Maker WordPress plugin, affecting versions before 5.5.4. The initial description and corroborating Red Hat/NVD entries indicate the issue stems from inadequate sanitisation and escaping of certain plugin settings, enabling a Stored XSS under high-privilege conditi...
CVE-2024-12115
CVE-2024-12115 concerns the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls. The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the duplicate_poll() function, enabling unauthenticated attackers to duplicate polls by inducing a site a...
CVE-2021-24483
Affected software: WordPress Poll Maker plugin (prior to version 3.2.1). Vulnerability: SQL injection in admin dashboard via unsafely used orderby parameter in get_results() calls within get_poll_categories(), get_polls(), and get_reports(). Root cause: lack of whitelist/validation for orderby us...
CVE-2024-56295
CVE-2024-56295 is a Missing Authorization vulnerability in the WordPress Poll Maker (Poll Maker) plugin, relating to incorrectly configured access control. Affected range: Poll Maker versions up to 5.5.6 (no details on exploitation). The connected sources indicate a fix in version 5.5.6. Remediat...
CVE-2025-24577
The CVE-2025-24577 entry concerns the WordPress Poll Maker plugin (versions through 5.5.0) with a Missing Authorization vulnerability that leads to Broken Access Control. Affected component is the plugin’s access control logic; root cause described as misconfigured access control/security levels....
CVE-2024-9462
CVE-2024-9462 : The WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls is vulnerable to a Stored Cross-Site Scripting (XSS) via poll settings in all versions up to and including 5.4.6. The vulnerability arises from insufficient input sanitization and output escaping, enablin...
CVE-2023-41871
CVE-2023-41871 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the Poll Maker Team Poll Maker WordPress plugin, affecting versions
CVE-2024-56277
CVE-2024-56277: WordPress Poll Maker plugin suffers improper encoding/escaping of output (HTML injection) in poll-maker. Affected: Poll Maker versions
CVE-2024-9475
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls WordPress plugin is affected by a SQL Injection in versions up to 5.4.6 via the order_by parameter due to insufficient escaping and query preparation, enabling authenticated administrators to append SQL to existing queries. The issue’s r...