CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-34635 – Poll Maker <= 3.2.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-34635
26 Jul 2021 — The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8. El plugin Poll Maker WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro mcount encontrado en el archivo ~/admin/partials/settings/poll-maker-settings.php que permite a atacantes inyectar scripts w... • https://plugins.trac.wordpress.org/browser/poll-maker/tags/3.2.8/admin/partials/settings/poll-maker-settings.php#L249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24483 – Poll Maker < 3.2.1 - Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24483
29 Jun 2021 — The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard Las funciones get_poll_categories(), get_polls() y get_reports() del plugin de WordPress Poll Maker versiones anteriores a 3.2.1, no usaban la lista blanca o comprobaban el parámetro orderby antes de usarlo en las ... • https://wpscan.com/vulnerability/0dc931c6-1fce-4d70-a658-a4bbab10dab3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •