2 matches found
CVE-2024-8625
The TS Poll WordPress plugin is affected: versions prior to 2.4.0 do not sanitize/escape a parameter before using it in a SQL statement, enabling an SQL injection through admin-level access. Documented impact correlates to high severity (CVSS 3.1 base: 7.2). Affected component: the plugin’s SQL u...
CVE-2024-9022
CVE-2024-9022 : The TS Poll – Survey, Versus Poll, Image Poll, Video Poll WordPress plugin is vulnerable to SQL Injection via the ordersby parameter in all versions up to and including 2.3.9, due to insufficient escaping and query preparation. An authenticated attacker with Administrator-level ac...