
CVE-2024-13602 – Poll Maker < 5.5.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13602
23 Feb 2025 — The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.3 due to insufficient input sanitization... • https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26971 – WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26971
23 Feb 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5. The Poll Maker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level ac... • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-5-6-5-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-56277 – WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-56277
03 Jan 2025 — Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.5.4. This is due to the software not properly sanitizing or escaping data added to polls. This makes it possible for unauthenticated attackers to inject HTML elements. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve • CWE-116: Improper Encoding or Escaping of Output •

CVE-2024-56295 – WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56295
03 Jan 2025 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.6. The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.6. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-50904 – WordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50904
26 Dec 2023 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.8.0. The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-8-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-45766 – WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45766
12 Oct 2023 — Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 4.7.1. The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function. • https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-41871 – WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41871
05 Sep 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. The Poll Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary... • https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-best-wordpress-poll-plugin-plugin-4-7-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-34013 – WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-34013
26 Jun 2023 — Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. The Poll Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 4.6.2... • https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-plugin-4-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2022-1456 – Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1456
04 May 2022 — The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. ... • https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24651 – Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection
https://notcve.org/view.php?id=CVE-2021-24651
13 Sep 2021 — The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as a password hash. ... • https://wpscan.com/vulnerability/24f933b0-ad57-4ed3-817d-d637256e2fb1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-203: Observable Discrepancy •