Lucene search
K
Ays-proPoll Maker

20 matches found

CVE
CVE
added 2023/11/13 2:28 a.m.102 views

CVE-2023-34013

CVE-2023-34013 affects Poll Maker – Best WordPress Poll Plugin (versions

7.5CVSS7.8AI score0.00445EPSS
CVE
CVE
added 2025/01/02 11:59 a.m.91 views

CVE-2023-45766

CVE-2023-45766 is a WordPress Poll Maker plugin vulnerability (≤ 4.7.1) due to missing authorization checks that could allow an unauthenticated user to access or manipulate data. Root cause: broken access control in the plugin’s poll-related functionality. A fixed version, Poll Maker 4.7.2, exist...

5.3CVSS7.3AI score0.00343EPSS
CVE
CVE
added 2022/05/30 8:35 a.m.84 views

CVE-2022-1456

CVE-2022-1456 affects the Poll Maker WordPress plugin prior to 4.0.2. The vulnerability arises because the plugin does not sanitize and escape certain settings, enabling a stored Cross-Site Scripting (XSS) attack by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Impa...

4.8CVSS4.8AI score0.00565EPSS
CVE
CVE
added 2025/02/25 2:17 p.m.82 views

CVE-2025-26971

CVE-2025-26971 is an Authenticated SQL Injection in the Poll Maker WordPress plugin. Affected: Poll Maker versions 5.6.5 and earlier. Root cause: improper neutralization of input in an SQL command. Impact: potential unauthorized data access/ manipulation (high severity per CVSS metrics in the ent...

9.8CVSS7.3AI score0.00437EPSS
CVE
CVE
added 2024/04/19 2:34 a.m.72 views

CVE-2024-3600

CVE-2024-3600 affects the Poll Maker – Best WordPress Poll Plugin for WordPress. According to Red Hat and corroborated by Wordfence sources, it enables Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action and insufficient escaping/sanitizatio...

7.2CVSS6AI score0.00381EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.71 views

CVE-2024-3601

The CVE-2024-3601 entry for Poll Maker – Best WordPress Poll Plugin (up to v5.1.8) has concrete details in connected docs: a missing capability check in the ays_poll_create_author function allows unauthenticated attackers to enumerate email addresses. Impact is unauthorized data access; attack is...

5.3CVSS6.5AI score0.00584EPSS
CVE
CVE
added 2021/10/11 10:45 a.m.70 views

CVE-2021-24651

CVE-2021-24651 affects the WordPress Poll Maker plugin prior to 3.4.2. The vulnerability is an unauthenticated, time-based SQL injection via the ays_finish_poll AJAX action. The impact described in connected sources includes the ability to exfiltrate data such as password hashes through timing-ba...

7.5CVSS8AI score0.01587EPSS
CVE
CVE
added 2024/12/09 11:29 a.m.70 views

CVE-2023-50904

CVE-2023-50904: A Missing Authorization vulnerability in WordPress Poll Maker (up to version 4.8.0) arises from incorrectly configured access control. Exploitation could allow unauthorized actions due to insufficient authorization checks. Public advisories in multiple sources confirm the issue an...

5.3CVSS7.3AI score0.00659EPSS
CVE
CVE
added 2024/11/09 6:41 a.m.66 views

CVE-2024-9874

CVE-2024-9874 affects the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls. Connected sources confirm a time-based SQL Injection via the orderby parameter in all versions up to 5.4.6, caused by insufficient escaping and lack of proper preparation of the SQL query. Exploita...

7.2CVSS5.2AI score0.00708EPSS
CVE
CVE
added 2025/05/07 2:20 p.m.61 views

CVE-2025-47545

CVE-2025-47545 relates to a race condition in the WordPress plugin Poll Maker. Affected software: Poll Maker versions n/a through 5.7.7. Root cause per sources: Concurrent execution using a shared resource with improper synchronization. Documented impact aligns with race conditions (no concrete e...

8.1CVSS7.2AI score0.00275EPSS
CVE
CVE
added 2021/08/02 8:39 p.m.60 views

CVE-2021-34635

Summary of CVE-2021-34635 (Poll Maker WordPress plugin) : The vulnerability is a reflected Cross-Site Scripting (XSS) flaw in the Poll Maker plugin, triggered through the mcount parameter in the file ~/admin/partials/settings/poll-maker-settings.php. Affected versions are up to and including 3.2....

6.1CVSS6AI score0.00938EPSS
Web
CVE
CVE
added 2025/03/16 6:0 a.m.60 views

CVE-2024-13602

CVE-2024-13602 concerns the Poll Maker WordPress plugin, affecting versions before 5.5.4. The initial description and corroborating Red Hat/NVD entries indicate the issue stems from inadequate sanitisation and escaping of certain plugin settings, enabling a Stored XSS under high-privilege conditi...

4.8CVSS5.7AI score0.00247EPSS
CVE
CVE
added 2024/12/07 1:45 a.m.59 views

CVE-2024-12115

CVE-2024-12115 concerns the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls. The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the duplicate_poll() function, enabling unauthenticated attackers to duplicate polls by inducing a site a...

4.3CVSS4.2AI score0.00153EPSS
CVE
CVE
added 2021/08/02 10:32 a.m.57 views

CVE-2021-24483

Affected software: WordPress Poll Maker plugin (prior to version 3.2.1). Vulnerability: SQL injection in admin dashboard via unsafely used orderby parameter in get_results() calls within get_poll_categories(), get_polls(), and get_reports(). Root cause: lack of whitelist/validation for orderby us...

7.2CVSS7.3AI score0.01409EPSS
Web
CVE
CVE
added 2025/01/15 3:23 p.m.56 views

CVE-2024-56295

CVE-2024-56295 is a Missing Authorization vulnerability in the WordPress Poll Maker (Poll Maker) plugin, relating to incorrectly configured access control. Affected range: Poll Maker versions up to 5.5.6 (no details on exploitation). The connected sources indicate a fix in version 5.5.6. Remediat...

6.5CVSS7.2AI score0.00429EPSS
CVE
CVE
added 2025/04/17 3:48 p.m.53 views

CVE-2025-24577

The CVE-2025-24577 entry concerns the WordPress Poll Maker plugin (versions through 5.5.0) with a Missing Authorization vulnerability that leads to Broken Access Control. Affected component is the plugin’s access control logic; root cause described as misconfigured access control/security levels....

9.8CVSS5.9AI score0.00377EPSS
CVE
CVE
added 2024/10/26 1:58 a.m.51 views

CVE-2024-9462

CVE-2024-9462 : The WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls is vulnerable to a Stored Cross-Site Scripting (XSS) via poll settings in all versions up to and including 5.4.6. The vulnerability arises from insufficient input sanitization and output escaping, enablin...

5.5CVSS5.3AI score0.0032EPSS
CVE
CVE
added 2023/09/25 6:31 p.m.50 views

CVE-2023-41871

CVE-2023-41871 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the Poll Maker Team Poll Maker WordPress plugin, affecting versions

7.1CVSS6AI score0.0033EPSS
CVE
CVE
added 2025/01/21 1:40 p.m.46 views

CVE-2024-56277

CVE-2024-56277: WordPress Poll Maker plugin suffers improper encoding/escaping of output (HTML injection) in poll-maker. Affected: Poll Maker versions

5.3CVSS7.2AI score0.00273EPSS
CVE
CVE
added 2024/10/26 1:58 a.m.45 views

CVE-2024-9475

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls WordPress plugin is affected by a SQL Injection in versions up to 5.4.6 via the order_by parameter due to insufficient escaping and query preparation, enabling authenticated administrators to append SQL to existing queries. The issue’s r...

7.2CVSS5.7AI score0.00476EPSS