CVE-2023-50904 – Poll Maker <= 4.8.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-50904
The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions. • CWE-862: Missing Authorization •
CVE-2023-45766 – Poll Maker <= 4.7.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-45766
The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function. • CWE-862: Missing Authorization •
CVE-2023-41871 – WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41871
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Poll Maker Team Poll Maker en versiones <= 4.7.0. The Poll Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-best-wordpress-poll-plugin-plugin-4-7-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34013 – WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-34013
Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Poll Maker Team Poll Maker – Best WordPress Poll Plugin. Este problema afecta a Poll Maker – Best WordPress Poll Plugin: desde n/a hasta 4.6.2. The Poll Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 4.6.2. This makes it possible for authenticated attackers, with administrator-level access, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-plugin-4-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-1456 – Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1456
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed El plugin Poll Maker de WordPress versiones anteriores a 4.0.2, no sanea y escapa de algunos parámetros, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo un ataque de tipo Cross-Site Scripting Almacenado incluso cuando unfiltered_html está deshabilitado • https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •