2 matches found
CVE-2013-1400
CVE-2013-1400 affects Cardoza WordPress Poll plugin (34.05) / Cardoza WordPress Poll plugin 34.05. The vulnerability is in CWPPoll.js (viewPollResults and userlogs) where the poll_id pollid parameter is not sanitized, allowing remote SQL injections. This can enable manipulation of backend data or...
CVE-2013-1401
Cardoza WordPress Poll plugin for WordPress (versions around 34.05/34.5) contains multiple vulnerable functions (editAnswer, deleteAnswer, addAnswer, deletePoll) that can be reached via external AJAX calls. The issues enable remote attackers to manipulate polls (add/edit/delete answers, delete po...