Poll Maker Security Vulnerabilities and Issues — Poll Maker CVE List

Lucene search

Ays-proPoll Maker

7 matches found

CVE•added 2024/12/09 1:15 p.m.•57 views

CVE-2023-50904

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.8.0.

5.3CVSS5.4AI score0.0018EPSS

CVE•added 2024/05/02 5:15 p.m.•54 views

CVE-2024-3601

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email a...

5.3CVSS6.5AI score0.00391EPSS

CVE•added 2024/04/19 3:15 a.m.•53 views

CVE-2024-3600

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes...

7.2CVSS6AI score0.00883EPSS

CVE•added 2024/12/07 2:15 a.m.•42 views

CVE-2024-12115

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated...

4.3CVSS4.2AI score0.00014EPSS

CVE•added 2024/11/09 7:15 a.m.•38 views

CVE-2024-9874

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

7.2CVSS5.2AI score0.00182EPSS

CVE•added 2024/10/26 3:15 a.m.•34 views

CVE-2024-9462

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.5CVSS5.3AI score0.00083EPSS

CVE•added 2024/10/26 3:15 a.m.•31 views

CVE-2024-9475

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existi...

7.2CVSS5.7AI score0.00166EPSS