
CVE-2025-47545 – WordPress Poll Maker <= 5.7.7 - Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2025-47545
07 May 2025 — Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to a Race Condition in all versions up to, and including, 5.7.7. This is due to the plugin not properly restricting a user's ability to fill out a poll multiple times. This makes it possible for una... • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-5-7-7-race-condition-vulnerability?_s_id=cve • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2025-26971 – WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26971
23 Feb 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5. The Poll Maker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level ac... • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-5-6-5-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-13602 – Poll Maker < 5.5.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13602
23 Feb 2025 — The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.3 due to insufficient input sanitization... • https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56277 – WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-56277
03 Jan 2025 — Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.5.4. This is due to the software not properly sanitizing or escaping data added to polls. This makes it possible for unauthenticated attackers to inject HTML elements. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve • CWE-116: Improper Encoding or Escaping of Output •

CVE-2024-56295 – WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56295
03 Jan 2025 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.6. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.6. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-24577 – WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-24577
15 Dec 2024 — Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.0. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-50904 – WordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50904
26 Dec 2023 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.8.0. The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-8-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-45766 – WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45766
12 Oct 2023 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.7.1. The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-41871 – WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41871
05 Sep 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. The Poll Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary... • https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-best-wordpress-poll-plugin-plugin-4-7-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-34013 – WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-34013
26 Jun 2023 — Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. The Poll Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 4.6.2... • https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-plugin-4-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •