CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26971 – WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26971
23 Feb 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5. The Poll Maker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level ac... • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-5-6-5-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56277 – WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-56277
03 Jan 2025 — Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.5.4. This is due to the software not properly sanitizing or escaping data added to polls. This makes it possible for unauthenticated attackers to inject HTML elements. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56295 – WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56295
03 Jan 2025 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.6. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50904 – WordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50904
26 Dec 2023 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.8.0. The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-8-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45766 – WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45766
12 Oct 2023 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1. The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •