CVE-2015-9346

CVE-2015-9346 concerns the WordPress cp-polls plugin prior to version 1.0.5, where a cross-site scripting (XSS) vulnerability exists in the plugin’s handling of user-supplied input. The issue is described as an XSS flaw enabling an attacker to execute client-side code within the context of the af...

CVE-2014-10395

The CVE-2014-10395 issue affects the WordPress cp-polls plugin prior to version 1.0.1, introducing a cross-site scripting (XSS) vulnerability in the votes list. Root cause described in CNVD as insufficient validation of client-side data by the web application. Impact noted as potential execution ...

CVE-2014-125091

The CVE-2014-125091 entry concerns the codepeople cp-polls Plugin for WordPress (version 1.0.1). The vulnerability exists in the file cp-admin-int-message-list.inc.php and is triggered by manipulating the lu parameter to induce SQL injection. It is exploitable remotely, with upgrading to version ...

CVE-2024-8851

The CVE pertains to the WordPress plugin Polls CP, affected versions prior to 1.0.77. The root cause is insufficient sanitisation and escaping of poll settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (notably in multi-s...

CVE-2024-8854

The CVE-2024-8854 entry concerns the Polls CP WordPress plugin (versions prior to 1.0.77). The vulnerability arises because the plugin does not sanitize and escape certain poll settings, enabling stored cross-site scripting via admin-level actions, even when unfiltered_html is disallowed (e.g., i...