NotCVE - vendor:"Wp-polls Project" product:"Wp-polls"

4 results (0.001 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-1581 – WP-Polls < 2.76.0 - IP Validation Bypass

https://notcve.org/view.php?id=CVE-2022-1581

31 Oct 2022 — The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. El complemento de WordPress WP-Polls anterior a 2.76.0 prioriza la obtención de la IP de un visitante a partir de ciertos encabezados HTTP sobre REMOTE_ADDR de PHP, lo que permite evitar las limitaciones basadas en IP para votar en ciertas situaciones. The WP-Polls plugin for WordPress is vulnera... • https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-ef5153b3c6b2 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-40130 – WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability

https://notcve.org/view.php?id=CVE-2022-40130

05 Oct 2022 — Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. Vulnerabilidad de Condición de Ejecución en el complemento WP-Polls en versiones <= 2.76.0 en WordPress. The WP-Polls plugin for WordPress is vulnerable to Race Condition in the function vote_poll_process() in versions up to, and including, 3.3.4. This can lead to unpredictable polling result changes when certain conditions are met. • https://patchstack.com/database/vulnerability/wp-polls/wordpress-wp-polls-plugin-2-76-0-race-condition-vulnerability?_s_id=cve • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-9352 – WP-Polls <= 2.71 - SQL Injection

https://notcve.org/view.php?id=CVE-2015-9352

26 Aug 2019 — The wp-polls plugin before 2.72 for WordPress has SQL injection. El plugin wp-polls antes de 2.72 para WordPress tiene inyección SQL. • https://wordpress.org/plugins/wp-polls/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10936 – WP-Polls <= 2.73 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-10936

29 Jul 2016 — The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. El plugin wp-polls antes de 2.73.1 para WordPress tiene XSS a través de la opción de barra de sondeo. • https://wordpress.org/plugins/wp-polls/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •