CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47297 – WordPress Polls CP plugin <= 1.0.74 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47297
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople CP Polls allows Reflected XSS.This issue affects CP Polls: from n/a through 1.0.74. The CP Polls plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-74-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24874 – WordPress Polls CP plugin <= 1.0.71 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-24874
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through 1.0.71. La neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en CodePeople CP Polls permite la inyección de código. Este problema afecta a CP Polls: desde n/a hasta 1.0.71. The Polls CP plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.0.71. This is due to insufficient validation on poll answers. • https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24873 – WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-24873
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71. La vulnerabilidad de control inadecuado de la frecuencia de interacción en CodePeople CP Polls permite flooding. Este problema afecta a CP Polls: desde n/a hasta 1.0.71. The Polls CP plugin for WordPress is vulnerable to Poll Limit Bypass in all versions up to, and including, 1.0.71. This is due to insufficient controls on on the voting system. • https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-polls-limitation-bypass-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-799: Improper Control of Interaction Frequency •